Attachment #228965 for bug #259379




# Created by Bruno Damour <bruno@ruomad.net>
#

PORTNAME=		libpki
DISTVERSION=		0.9.1-p20211023
CATEGORIES=		security
DISTNAME=		libpki-0.9.1-p20211023

MAINTAINER=		bruno@ruomad.net
COMMENT=		OpenCA PKI library (libpki) and tools

LICENSE=		APACHE20

LIB_DEPENDS=		libxml2.so:textproc/libxml2

USES=			ssl autoreconf libtool
USE_GITHUB=		yes
GH_ACCOUNT=		openca
GH_TAGNAME=		v0.8.9-182-ge2e25ab

USE_LDCONFIG=		yes

# Provided patches fix :
#  - src/pki.config.c to replace a breaking call to strncpy by strcpy
#  - src/global-vars.in to add localrootdir (new autoconf versions)
#  - configure.ac to (i) fix a typo in AC_COMPILE_IFELSE invocation,
#    (ii) not to append mybits to libdir (lib vs lib64) on *bsd*, and
#    (iii) map target arm64 (reported by FreeBSD) to expected x86_64 :
#    hence the need to autoreconf
PATCH_STRIP= 		-p0

GNU_CONFIGURE=		yes
CONFIGURE_ARGS=		--disable-dependency-tracking \
			--disable-ldap --disable-mysql --disable-pg \
			--disable-dns --disable-iphone \
			--with-xml2-prefix=${LOCALBASE}
INSTALL_TARGET=		install-strip

# Rename installed configuration files to samples
post-stage:
	${MV} ${WRKDIR}/stage${PREFIX}/etc/pki.conf ${WRKDIR}/stage${PREFIX}/etc/pki.conf.sample; \
	for f in $$(find ${STAGEDIR}${PREFIX}/etc/libpki -type f); do \
		${MV} $$f $$f.sample; \
	done

.include <bsd.port.mk>

Added Link Here

(-)b/security/libpki/distinfo (+3 lines)
1	TIMESTAMP = 1634986583
2	SHA256 (openca-libpki-0.9.1-p20211023-v0.8.9-182-ge2e25ab_GH0.tar.gz) = cb3417288b931f6d9591b6b41d14985a1c88a64ba83428c3a0e13a63edfc8a13
3	SIZE (openca-libpki-0.9.1-p20211023-v0.8.9-182-ge2e25ab_GH0.tar.gz) = 1182943




--- configure.ac.orig	2021-01-16 01:14:34.000000000 +0100
+++ configure.ac	2021-08-27 00:27:57.300484000 +0200
@@ -257,6 +257,7 @@
 		;;
  *bsd*) myarch=bsd
 		shlext=so
+		mybits_install=""
 		;;
  *iphone*)
 		myarch=iphone
@@ -298,6 +299,9 @@
 	x86_64-*)
 		arch_target=x86_64
 		;;
+	amd64*-*)
+		arch_target=x86_64
+		;;
 	sparc*-*)
 		arch_target=Sparc
 		;;
@@ -493,13 +497,13 @@
 dnl [ pthread_rw=no ] )
 
 dnl AC_TRY_COMPILE( [
-AC_COMPILE_IFELSE( AC_LANG_SOURCE([[
+AC_COMPILE_IFELSE( [AC_LANG_SOURCE([
 #include <sys/types.h>
 #include <pthread.h>
 pthread_rwlock_t rwlock=PTHREAD_RWLOCK_INITIALIZER;
 int main() {
 return (0);
-} ]]),
+} ])],
 [ pthread_rw=yes ] , 
 [ pthread_rw=no ] )
 

Added Link Here

(-)b/security/libpki/files/patch-global-vars.in (+10 lines)
1	--- src/global-vars.in.orig 2021-01-16 01:14:34.000000000 +0100
2	+++ src/global-vars.in 2021-08-25 14:58:51.219021000 +0200
3	@@ -20,6 +20,7 @@
4	DEST_SBINDIR = $(DESTDIR)@sbindir@
5	DEST_BINDIR = $(DESTDIR)@bindir@
6	DEST_LIBDIR = $(DESTDIR)@libdir@
7	+DEST_DATADIR = @datarootdir@
8	DEST_DATADIR = @datadir@
9	DEST_INFODIR = @infodir@
10	DEST_MANDIR = @mandir@

Added Link Here

(-)b/security/libpki/files/patch-pki_config.c (+11 lines)
1	--- src/pki_config.c.orig 2021-01-16 00:14:34 UTC
2	+++ src/pki_config.c
3	@@ -83,7 +83,7 @@ static char * _xml_search_namespace_add ( char *search
4	PKI_Free( my_arg );
5
6	ret = PKI_Malloc ( strlen( my_search ) + 1);
7	- strncpy( ret, my_search, strlen(my_search) );
8	+ strcpy( ret, my_search );
9
10	PKI_Free ( my_search );
11	return( ret );

Added Link Here

(-)b/security/libpki/pkg-descr (+5 lines)
1	OpenCA LibPKI provides an easy-to-use PKI library for PKI enabled application development.
2	The library provides the developer with all the needed functionalities to manage certificates,
3	from generation to validation.
4
5	WWW: https://www.openca.org/projects/libpki




bin/libpki-config
bin/pki-cert
bin/pki-crl
bin/pki-derenc
bin/pki-query
bin/pki-request
bin/pki-siginfo
bin/pki-tool
bin/pki-xpair
bin/url-tool
etc/libpki/hsm.d/eracom-sdk.xml.sample
etc/libpki/hsm.d/etoken-engine.xml.sample
etc/libpki/hsm.d/etoken-pkcs11.xml.sample
etc/libpki/hsm.d/etoken.xml.sample
etc/libpki/hsm.d/opencryptoki.xml.sample
etc/libpki/hsm.d/tpm.xml.sample
etc/libpki/objectIdentifiers.xml.sample
etc/libpki/profile.d/crl.xml.sample
etc/libpki/profile.d/server.xml.sample
etc/libpki/profile.d/test.xml.sample
etc/libpki/profile.d/user.xml.sample
etc/libpki/store.d/empty.xml.sample
etc/libpki/token.d/default.xml.sample
etc/libpki/token.d/eracom.xml.sample
etc/libpki/token.d/etoken-engine.xml.sample
etc/libpki/token.d/etoken.xml.sample
etc/libpki/token.d/opencryptoki.xml.sample
etc/libpki/token.d/software.xml.sample
etc/libpki/token.d/test.xml.sample
etc/libpki/token.d/tpm.xml.sample
etc/pki.conf.sample
@comment include/internal/ossl_1_0_x/cms_lcl.h
@comment include/internal/ossl_1_1_0/cms_lcl.h
@comment include/internal/ossl_1_1_0/ocsp_lcl.h
@comment include/internal/ossl_1_1_0/x509_int.h
@comment include/internal/ossl_1_1_0/x509_lcl.h
@comment include/internal/ossl_1_1_1/cms_lcl.h
@comment include/internal/ossl_1_1_1/ocsp_lcl.h
@comment include/internal/ossl_1_1_1/refcount.h
@comment include/internal/ossl_1_1_1/x509_int.h
@comment include/internal/ossl_1_1_1/x509_lcl.h
include/libpki/banners.h
include/libpki/cmc.h
include/libpki/cmc/cmc_cert_req.h
include/libpki/compat.h
include/libpki/config.h
include/libpki/crypto.h
include/libpki/datatypes.h
include/libpki/drivers/engine/data_st.h
include/libpki/drivers/engine/engine_hsm.h
include/libpki/drivers/engine/engine_hsm_obj.h
include/libpki/drivers/engine/engine_hsm_pkey.h
include/libpki/drivers/engine/engine_st.h
include/libpki/drivers/hsm_keypair.h
include/libpki/drivers/hsm_main.h
include/libpki/drivers/hsm_slot.h
include/libpki/drivers/kmf/data_st.h
include/libpki/drivers/kmf/kmf_hsm.h
include/libpki/drivers/kmf/kmf_hsm_engine.h
include/libpki/drivers/kmf/kmf_hsm_pkey.h
include/libpki/drivers/kmf/kmf_hsm_sign.h
include/libpki/drivers/kmf/pki_kmflib.h
include/libpki/drivers/openssl/data_st.h
include/libpki/drivers/openssl/openssl_hsm.h
include/libpki/drivers/openssl/openssl_hsm_cb.h
include/libpki/drivers/openssl/openssl_hsm_obj.h
include/libpki/drivers/openssl/openssl_hsm_pkey.h
include/libpki/drivers/pkcs11/pkcs11_hsm.h
include/libpki/drivers/pkcs11/pkcs11_hsm_obj.h
include/libpki/drivers/pkcs11/pkcs11_hsm_pkey.h
include/libpki/drivers/pkcs11/pkcs11_utils.h
include/libpki/drivers/pkcs11/rsa/cryptoki.h
include/libpki/drivers/pkcs11/rsa/pkcs11.h
include/libpki/drivers/pkcs11/rsa/pkcs11_func.h
include/libpki/drivers/pkcs11/rsa/pkcs11f.h
include/libpki/drivers/pkcs11/rsa/pkcs11t.h
include/libpki/errors-new.h
include/libpki/errors.h
include/libpki/est/est.h
include/libpki/est/pki_x509_est_asn1.h
include/libpki/est/pki_x509_est_attrs.h
include/libpki/est/pki_x509_est_data.h
include/libpki/est/pki_x509_est_msg.h
include/libpki/extensions.h
include/libpki/hsm_st.h
include/libpki/io/pki_keypair_io.h
include/libpki/io/pki_msg_req_io.h
include/libpki/io/pki_msg_resp_io.h
include/libpki/io/pki_ocsp_req_io.h
include/libpki/io/pki_ocsp_resp_io.h
include/libpki/io/pki_x509_cert_io.h
include/libpki/io/pki_x509_cms_io.h
include/libpki/io/pki_x509_crl_io.h
include/libpki/io/pki_x509_io.h
include/libpki/io/pki_x509_p12_io.h
include/libpki/io/pki_x509_pkcs7_io.h
include/libpki/io/pki_x509_req_io.h
include/libpki/io/pki_x509_xpair_io.h
include/libpki/libpkiv.h
include/libpki/net/dns.h
include/libpki/net/http_s.h
include/libpki/net/ldap.h
include/libpki/net/pkcs11.h
include/libpki/net/pki_mysql.h
include/libpki/net/pki_pg.h
include/libpki/net/pki_socket.h
include/libpki/net/sock.h
include/libpki/net/ssl.h
include/libpki/net/url.h
include/libpki/openssl/data_st.h
include/libpki/openssl/pthread_init.h
include/libpki/os.h
include/libpki/pki.h
include/libpki/pki_algor.h
include/libpki/pki_conf.h
include/libpki/pki_config.h
include/libpki/pki_cred.h
include/libpki/pki_digest.h
include/libpki/pki_err.h
include/libpki/pki_hmac.h
include/libpki/pki_id.h
include/libpki/pki_id_info.h
include/libpki/pki_init.h
include/libpki/pki_integer.h
include/libpki/pki_io.h
include/libpki/pki_keypair.h
include/libpki/pki_keyparams.h
include/libpki/pki_log.h
include/libpki/pki_mem.h
include/libpki/pki_msg.h
include/libpki/pki_msg_req.h
include/libpki/pki_msg_resp.h
include/libpki/pki_ocsp_req.h
include/libpki/pki_ocsp_resp.h
include/libpki/pki_oid.h
include/libpki/pki_string.h
include/libpki/pki_threads.h
include/libpki/pki_threads_vars.h
include/libpki/pki_time.h
include/libpki/pki_x509.h
include/libpki/pki_x509_attribute.h
include/libpki/pki_x509_cert.h
include/libpki/pki_x509_cert_mem.h
include/libpki/pki_x509_cms.h
include/libpki/pki_x509_crl.h
include/libpki/pki_x509_data_st.h
include/libpki/pki_x509_extension.h
include/libpki/pki_x509_mem.h
include/libpki/pki_x509_mime.h
include/libpki/pki_x509_name.h
include/libpki/pki_x509_p12.h
include/libpki/pki_x509_pkcs7.h
include/libpki/pki_x509_profile.h
include/libpki/pki_x509_req.h
include/libpki/pki_x509_signature.h
include/libpki/pki_x509_xpair.h
include/libpki/pki_x509_xpair_asn1.h
include/libpki/profile.h
include/libpki/prqp/http_client.h
include/libpki/prqp/prqp.h
include/libpki/prqp/prqp_asn1.h
include/libpki/prqp/prqp_bio.h
include/libpki/prqp/prqp_lib.h
include/libpki/prqp/prqp_req_io.h
include/libpki/prqp/prqp_resp_io.h
include/libpki/prqp/prqp_srv.h
include/libpki/prqp/prqp_stack.h
include/libpki/scep/pki_x509_scep_asn1.h
include/libpki/scep/pki_x509_scep_attrs.h
include/libpki/scep/pki_x509_scep_data.h
include/libpki/scep/pki_x509_scep_msg.h
include/libpki/scep/scep.h
include/libpki/stack.h
include/libpki/support.h
include/libpki/token.h
include/libpki/token_data.h
include/libpki/token_id.h
include/libpki/token_st.h
lib/libpki.a
lib/libpki.so
lib/libpki.so.91
lib/libpki.so.91.91.3
@comment libdata/ldconfig/libpki
@comment share/libpki/README.data_structures
@comment share/libpki/README.functions
@comment share/libpki/doxygen-man.conf
@comment share/libpki/doxygen-pdf.conf
@comment share/libpki/doxygen.conf
@comment share/libpki/pkginfo




# Created by Bruno Damour <bruno@ruomad.net>
#

PORTNAME=		openca-ocspd
DISTVERSION=		3.1.3-p20211023
CATEGORIES=		security
DISTNAME=		openca-ocspd-3.1.3-p20211023

MAINTAINER=		bruno@ruomad.net
COMMENT=		OpenCA OCSP responder

LICENSE=		APACHE20

LIB_DEPENDS=		libpki.so:security/libpki \
			libxml2.so:textproc/libxml2

USES=			ssl autoreconf libtool shebangfix
USE_GITHUB=		yes
GH_ACCOUNT=		openca
GH_TAGNAME=             v3.1.2-13-ga779a5e
SHEBANG_FILES=		etc/ocspd.in scripts/ocspd-genreq.sh.in test/test.sh

# Add a rc script to start the OCSP daemon
USE_RC_SUBR=		ocspd

# Provided patches fix :
#  - src/config.c and src/crl.c to fix calls PKI_* wrongly using -1 as
#    second argument (data format) instead of PKI_DATA_FORMAT_UNKNOWN
#  - src/global-vars.in to add localrootdir (new autoconf versions)
#  - configure.ac to detect the presence of socket.h :
#    hence the need to autoreconf
PATCH_STRIP=		-p0

GNU_CONFIGURE=		yes
CONFIGURE_ARGS=		--with-libpki-prefix=${PREFIX}

# Rename installed configuration files to samples
post-stage:
	for f in $$(find ${STAGEDIR}${PREFIX}/etc/ocspd -type f); do \
		${MV} $$f $$f.sample; \
	done

.include <bsd.port.mk>

Added Link Here

(-)b/security/openca-ocspd/distinfo (+3 lines)
1	TIMESTAMP = 1634990265
2	SHA256 (openca-openca-ocspd-3.1.3-p20211023-v3.1.2-13-ga779a5e_GH0.tar.gz) = 42964c883a8f53c7b2fe403edbe32e9f3b2111fec72fce6726e660671b01c8b6
3	SIZE (openca-openca-ocspd-3.1.3-p20211023-v3.1.2-13-ga779a5e_GH0.tar.gz) = 594630




#!/bin/sh

# PROVIDE: ocspd
# REQUIRE: NETWORK

. /etc/rc.subr

name=ocspd
rcvar=ocspd_enable

pidfile="/var/run/${name}.pid"

command="%%PREFIX%%/sbin/ocspd"
command_args="-c %%PREFIX%%/etc/ocspd/ocspd.xml -d -v"

load_rc_config ${name}
: ${ocspd_enable:=no}
: ${ocspd_msg="Nothing started."}


run_rc_command "$1"




--- src/ocspd/config.c.orig	2020-01-08 19:28:11 UTC
+++ src/ocspd/config.c
@@ -487,7 +487,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
 			subTmp_s = NULL;
 
 			// Retrieves the CA cert
-			if ((tmp_cert = PKI_X509_CERT_get_url(tmp_url, -1, NULL, NULL ))== NULL)
+			if ((tmp_cert = PKI_X509_CERT_get_url(tmp_url, PKI_DATA_FORMAT_UNKNOWN, NULL, NULL ))== NULL)
 			{
 				// Error, can not get the CA certificate from the
 				// provided URL in the configuration
@@ -524,7 +524,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
 			}
 
 			// Parses and get the stack of X509_CERT from the PKI_MEM data
-			if ((cc_sk = PKI_X509_CERT_STACK_get_mem(mm, -1, NULL)) == NULL) {
+			if ((cc_sk = PKI_X509_CERT_STACK_get_mem(mm, PKI_DATA_FORMAT_UNKNOWN, NULL)) == NULL) {
 
 				// Error, can not get the stack of certs from the CA cert value
 				PKI_log_err("Can not parse cert from /caConfig/caCertValue [CA: %s]",
@@ -745,7 +745,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
 			else
 			{
 				// The Server's cert URL is found, let's load the certificate
-				if ((tmp_cert = PKI_X509_CERT_get(tmp_s, -1, NULL, NULL)) == NULL) {
+				if ((tmp_cert = PKI_X509_CERT_get(tmp_s, PKI_DATA_FORMAT_UNKNOWN, NULL, NULL)) == NULL) {
 
 					// Error, can not get the certificate from the URL
 					PKI_log_err("Can not get server's cert [CA: %s, URL: %s]",
@@ -857,7 +857,7 @@ int OCSPD_load_crl ( CA_LIST_ENTRY *ca, OCSPD_CONFIG *
 
 	// Load the new CRL
 	if (( ca->crl = PKI_X509_CRL_get_url(ca->crl_url, 
-					     -1, NULL, NULL )) == NULL) {
+					     PKI_DATA_FORMAT_UNKNOWN, NULL, NULL )) == NULL) {
 
 		// Error, can not get the CRL from the URL
 		PKI_log_err("Failed loading CRL for [CA: %s, URL: %s]",
@@ -946,7 +946,7 @@ int ocspd_reload_all_ca ( OCSPD_CONFIG *conf ) {
 
 			// Get the CA certificate
 			if ((ca->ca_cert = PKI_X509_CERT_get_url(ca->ca_url,
-							         -1, NULL, NULL )) == NULL) {
+							         PKI_DATA_FORMAT_UNKNOWN, NULL, NULL )) == NULL) {
 
 				// Can not get the CA Cert from the URL
 				PKI_log_err("Can not load CA cert [CA: %s, URL: %s]",

Added Link Here

(-)b/security/openca-ocspd/files/patch-configure.ac (+11 lines)
1	--- configure.ac.orig 2020-01-08 20:28:11.000000000 +0100
2	+++ configure.ac 2021-08-25 14:58:50.324390000 +0200
3	@@ -147,7 +147,7 @@
4	dnl Checks for programs.
5	dnl AC_CONFIG_HEADERS
6	AC_STDC_HEADERS
7	-AC_HAVE_HEADERS(string.h stdio.h stdlib.h fcntl.h sys/file.h sys/param.h sys/sem.h sys/ipc.h)
8	+AC_HAVE_HEADERS(string.h stdio.h stdlib.h fcntl.h sys/file.h sys/param.h sys/sem.h sys/ipc.h sys/socket.h)
9
10	AC_CONFIG_HEADERS(src/ocspd/includes/config.h)
11




--- src/ocspd/core.c.orig	2021-10-23 13:37:33.148289000 +0200
+++ src/ocspd/core.c	2021-10-23 13:49:04.412933000 +0200
@@ -52,13 +52,15 @@
 		}
 
 		rv = PKI_TOKEN_check(ocspd_conf->token);
-		if (rv & (PKI_TOKEN_STATUS_KEYPAIR_ERR |
-							PKI_TOKEN_STATUS_CERT_ERR |
-							PKI_TOKEN_STATUS_CACERT_ERR))
+		if (rv & (PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR |
+			                                PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR |
+							PKI_TOKEN_STATUS_CERT_MISSING_ERR |
+							PKI_TOKEN_STATUS_CACERT_MISSING_ERR))
 		{
-			if (rv & PKI_TOKEN_STATUS_KEYPAIR_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
-			if (rv & PKI_TOKEN_STATUS_CERT_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL);
-			if (rv & PKI_TOKEN_STATUS_CACERT_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL);
+			if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);		  
+			if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
+			if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL);
+			if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL);
 
 			PKI_log_err("Token Configuration Fatal Error (%d)", rv);
 			exit(rv);
@@ -101,13 +103,15 @@
 		}
 
 		rv = PKI_TOKEN_check(ca->token);
-		if ( rv & (PKI_TOKEN_STATUS_KEYPAIR_ERR |
-							 PKI_TOKEN_STATUS_CERT_ERR |
-							 PKI_TOKEN_STATUS_CACERT_ERR))
+		if ( rv & (PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR |
+							 PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR |
+							 PKI_TOKEN_STATUS_CERT_MISSING_ERR |
+							 PKI_TOKEN_STATUS_CACERT_MISSING_ERR))
 		{
-			if (rv & PKI_TOKEN_STATUS_KEYPAIR_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_ERR, NULL);
-			if (rv & PKI_TOKEN_STATUS_CERT_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CERT_ERR, NULL);
-			if (rv & PKI_TOKEN_STATUS_CACERT_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CACERT_ERR, NULL);
+			if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR, NULL);
+			if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR, NULL);
+			if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CERT_MISSING_ERR, NULL);
+			if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CACERT_MISSING_ERR, NULL);
 
 			PKI_log_err ( "Token Configuration Fatal Error (%d) for ca %s", rv, ca->ca_id);
 			exit(rv);

Added Link Here

(-)b/security/openca-ocspd/files/patch-crl.c (+11 lines)
1	--- src/ocspd/crl.c.orig 2020-01-08 19:28:11 UTC
2	+++ src/ocspd/crl.c
3	@@ -49,7 +49,7 @@ int ocspd_load_ca_crl(CA_LIST_ENTRY *caEntry, OCSPD_CO
4
5	// We now re-load the CRL
6	if( (caEntry->crl = PKI_X509_CRL_get_url(caEntry->crl_url,
7	- -1, NULL, NULL)) == NULL ) {
8	+ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL)) == NULL ) {
9	PKI_log_err("Can not reload CRL [CA: %s, URL: %s]",
10	caEntry->ca_id, caEntry->crl_url->url_s);
11	PKI_RWLOCK_release_write(&conf->crl_lock);

Added Link Here

(-)b/security/openca-ocspd/files/patch-global-vars.in (+10 lines)
1	--- src/global-vars.in.orig 2020-01-08 19:28:11 UTC
2	+++ src/global-vars.in
3	@@ -12,6 +12,7 @@ doc_prefix = $(DESTDIR)${datadir}/openca-prqpd
4	DEST_SBINDIR = $(DESTDIR)@sbindir@
5	DEST_BINDIR = $(DESTDIR)@bindir@
6	DEST_LIBDIR = $(DESTDIR)@libdir@
7	+DEST_DATADIR = @datarootdir@
8	DEST_DATADIR = @datadir@
9	DEST_INFODIR = @infodir@
10	DEST_MANDIR = @mandir@

Added Link Here

(-)b/security/openca-ocspd/files/patch-includes_general.h (+11 lines)
1	--- src/ocspd/includes/general.h.orig 2020-01-08 19:28:11 UTC
2	+++ src/ocspd/includes/general.h
3	@@ -15,6 +15,8 @@
4	# define ATTRIBUTE_NO_SANITIZE_ADDRESS
5	#endif
6
7	+#include "config.h"
8	+
9	#include <libpki/pki.h>
10	#include <libpki/libpkiv.h>
11

Added Link Here

(-)b/security/openca-ocspd/pkg-descr (+6 lines)
1	OpenCA OCSP Responder is an rfc2560 compliant OCSPD responder.
2	The server is a stand-alone application and can be integrated into many different PKI solutions
3	as it does not depend on specific database scheme.
4	Furthermore it can be used as a responder for multiple CAs.
5
6	WWW: https://www.openca.org/projects/ocspd




bin/ocspd-genreq.sh
@comment bin/test.sh
@comment etc/init.d/ocspd
etc/ocspd/ocspd.xml.sample
etc/ocspd/pki/token.d/etoken.xml.sample
etc/ocspd/pki/token.d/software.xml.sample
etc/ocspd/pki/token.d/eracom.xml.sample
etc/ocspd/ca.d/collegeca.xml.sample
etc/ocspd/ca.d/self-certs.xml.sample
libdata/pkgconfig/openca-ocspd.pc
sbin/ocspd
share/man/man3/ocspd.3.gz
share/man/man3/ocspd.conf.3.gz
@dir etc/ocspd/ca.d
@dir etc/ocspd/certs
@dir etc/ocspd/crls
@dir etc/ocspd/pki/hsm.d
@dir etc/ocspd/pki/profile.d
@dir etc/ocspd/private
@dir var/run

Return to bug 259379

Added Link Here

(-)b/security/libpki/Makefile (+46 lines)
1	# Created by Bruno Damour <bruno@ruomad.net>
2	#
3
4	PORTNAME= libpki
5	DISTVERSION= 0.9.1-p20211023
6	CATEGORIES= security
7	DISTNAME= libpki-0.9.1-p20211023
8
9	MAINTAINER= bruno@ruomad.net
10	COMMENT= OpenCA PKI library (libpki) and tools
11
12	LICENSE= APACHE20
13
14	LIB_DEPENDS= libxml2.so:textproc/libxml2
15
16	USES= ssl autoreconf libtool
17	USE_GITHUB= yes
18	GH_ACCOUNT= openca
19	GH_TAGNAME= v0.8.9-182-ge2e25ab
20
21	USE_LDCONFIG= yes
22
23	# Provided patches fix :
24	# - src/pki.config.c to replace a breaking call to strncpy by strcpy
25	# - src/global-vars.in to add localrootdir (new autoconf versions)
26	# - configure.ac to (i) fix a typo in AC_COMPILE_IFELSE invocation,
27	# (ii) not to append mybits to libdir (lib vs lib64) on bsd, and
28	# (iii) map target arm64 (reported by FreeBSD) to expected x86_64 :
29	# hence the need to autoreconf
30	PATCH_STRIP= -p0
31
32	GNU_CONFIGURE= yes
33	CONFIGURE_ARGS= --disable-dependency-tracking \
34	--disable-ldap --disable-mysql --disable-pg \
35	--disable-dns --disable-iphone \
36	--with-xml2-prefix=${LOCALBASE}
37	INSTALL_TARGET= install-strip
38
39	# Rename installed configuration files to samples
40	post-stage:
41	${MV} ${WRKDIR}/stage${PREFIX}/etc/pki.conf ${WRKDIR}/stage${PREFIX}/etc/pki.conf.sample; \
42	for f in $$(find ${STAGEDIR}${PREFIX}/etc/libpki -type f); do \
43	${MV} $$f $$f.sample; \
44	done
45
46	.include <bsd.port.mk>

Added Link Here

(-)b/security/libpki/files/patch-configure.ac (+36 lines)
1	--- configure.ac.orig 2021-01-16 01:14:34.000000000 +0100
2	+++ configure.ac 2021-08-27 00:27:57.300484000 +0200
3	@@ -257,6 +257,7 @@
4	;;
5	bsd) myarch=bsd
6	shlext=so
7	+ mybits_install=""
8	;;
9	iphone)
10	myarch=iphone
11	@@ -298,6 +299,9 @@
12	x86_64-*)
13	arch_target=x86_64
14	;;
15	+ amd64-)
16	+ arch_target=x86_64
17	+ ;;
18	sparc-)
19	arch_target=Sparc
20	;;
21	@@ -493,13 +497,13 @@
22	dnl [ pthread_rw=no ] )
23
24	dnl AC_TRY_COMPILE( [
25	-AC_COMPILE_IFELSE( AC_LANG_SOURCE([[
26	+AC_COMPILE_IFELSE( [AC_LANG_SOURCE([
27	#include <sys/types.h>
28	#include <pthread.h>
29	pthread_rwlock_t rwlock=PTHREAD_RWLOCK_INITIALIZER;
30	int main() {
31	return (0);
32	-} ]]),
33	+} ])],
34	[ pthread_rw=yes ] ,
35	[ pthread_rw=no ] )
36

Added Link Here

(-)b/security/libpki/pkg-plist (+189 lines)
1	bin/libpki-config
2	bin/pki-cert
3	bin/pki-crl
4	bin/pki-derenc
5	bin/pki-query
6	bin/pki-request
7	bin/pki-siginfo
8	bin/pki-tool
9	bin/pki-xpair
10	bin/url-tool
11	etc/libpki/hsm.d/eracom-sdk.xml.sample
12	etc/libpki/hsm.d/etoken-engine.xml.sample
13	etc/libpki/hsm.d/etoken-pkcs11.xml.sample
14	etc/libpki/hsm.d/etoken.xml.sample
15	etc/libpki/hsm.d/opencryptoki.xml.sample
16	etc/libpki/hsm.d/tpm.xml.sample
17	etc/libpki/objectIdentifiers.xml.sample
18	etc/libpki/profile.d/crl.xml.sample
19	etc/libpki/profile.d/server.xml.sample
20	etc/libpki/profile.d/test.xml.sample
21	etc/libpki/profile.d/user.xml.sample
22	etc/libpki/store.d/empty.xml.sample
23	etc/libpki/token.d/default.xml.sample
24	etc/libpki/token.d/eracom.xml.sample
25	etc/libpki/token.d/etoken-engine.xml.sample
26	etc/libpki/token.d/etoken.xml.sample
27	etc/libpki/token.d/opencryptoki.xml.sample
28	etc/libpki/token.d/software.xml.sample
29	etc/libpki/token.d/test.xml.sample
30	etc/libpki/token.d/tpm.xml.sample
31	etc/pki.conf.sample
32	@comment include/internal/ossl_1_0_x/cms_lcl.h
33	@comment include/internal/ossl_1_1_0/cms_lcl.h
34	@comment include/internal/ossl_1_1_0/ocsp_lcl.h
35	@comment include/internal/ossl_1_1_0/x509_int.h
36	@comment include/internal/ossl_1_1_0/x509_lcl.h
37	@comment include/internal/ossl_1_1_1/cms_lcl.h
38	@comment include/internal/ossl_1_1_1/ocsp_lcl.h
39	@comment include/internal/ossl_1_1_1/refcount.h
40	@comment include/internal/ossl_1_1_1/x509_int.h
41	@comment include/internal/ossl_1_1_1/x509_lcl.h
42	include/libpki/banners.h
43	include/libpki/cmc.h
44	include/libpki/cmc/cmc_cert_req.h
45	include/libpki/compat.h
46	include/libpki/config.h
47	include/libpki/crypto.h
48	include/libpki/datatypes.h
49	include/libpki/drivers/engine/data_st.h
50	include/libpki/drivers/engine/engine_hsm.h
51	include/libpki/drivers/engine/engine_hsm_obj.h
52	include/libpki/drivers/engine/engine_hsm_pkey.h
53	include/libpki/drivers/engine/engine_st.h
54	include/libpki/drivers/hsm_keypair.h
55	include/libpki/drivers/hsm_main.h
56	include/libpki/drivers/hsm_slot.h
57	include/libpki/drivers/kmf/data_st.h
58	include/libpki/drivers/kmf/kmf_hsm.h
59	include/libpki/drivers/kmf/kmf_hsm_engine.h
60	include/libpki/drivers/kmf/kmf_hsm_pkey.h
61	include/libpki/drivers/kmf/kmf_hsm_sign.h
62	include/libpki/drivers/kmf/pki_kmflib.h
63	include/libpki/drivers/openssl/data_st.h
64	include/libpki/drivers/openssl/openssl_hsm.h
65	include/libpki/drivers/openssl/openssl_hsm_cb.h
66	include/libpki/drivers/openssl/openssl_hsm_obj.h
67	include/libpki/drivers/openssl/openssl_hsm_pkey.h
68	include/libpki/drivers/pkcs11/pkcs11_hsm.h
69	include/libpki/drivers/pkcs11/pkcs11_hsm_obj.h
70	include/libpki/drivers/pkcs11/pkcs11_hsm_pkey.h
71	include/libpki/drivers/pkcs11/pkcs11_utils.h
72	include/libpki/drivers/pkcs11/rsa/cryptoki.h
73	include/libpki/drivers/pkcs11/rsa/pkcs11.h
74	include/libpki/drivers/pkcs11/rsa/pkcs11_func.h
75	include/libpki/drivers/pkcs11/rsa/pkcs11f.h
76	include/libpki/drivers/pkcs11/rsa/pkcs11t.h
77	include/libpki/errors-new.h
78	include/libpki/errors.h
79	include/libpki/est/est.h
80	include/libpki/est/pki_x509_est_asn1.h
81	include/libpki/est/pki_x509_est_attrs.h
82	include/libpki/est/pki_x509_est_data.h
83	include/libpki/est/pki_x509_est_msg.h
84	include/libpki/extensions.h
85	include/libpki/hsm_st.h
86	include/libpki/io/pki_keypair_io.h
87	include/libpki/io/pki_msg_req_io.h
88	include/libpki/io/pki_msg_resp_io.h
89	include/libpki/io/pki_ocsp_req_io.h
90	include/libpki/io/pki_ocsp_resp_io.h
91	include/libpki/io/pki_x509_cert_io.h
92	include/libpki/io/pki_x509_cms_io.h
93	include/libpki/io/pki_x509_crl_io.h
94	include/libpki/io/pki_x509_io.h
95	include/libpki/io/pki_x509_p12_io.h
96	include/libpki/io/pki_x509_pkcs7_io.h
97	include/libpki/io/pki_x509_req_io.h
98	include/libpki/io/pki_x509_xpair_io.h
99	include/libpki/libpkiv.h
100	include/libpki/net/dns.h
101	include/libpki/net/http_s.h
102	include/libpki/net/ldap.h
103	include/libpki/net/pkcs11.h
104	include/libpki/net/pki_mysql.h
105	include/libpki/net/pki_pg.h
106	include/libpki/net/pki_socket.h
107	include/libpki/net/sock.h
108	include/libpki/net/ssl.h
109	include/libpki/net/url.h
110	include/libpki/openssl/data_st.h
111	include/libpki/openssl/pthread_init.h
112	include/libpki/os.h
113	include/libpki/pki.h
114	include/libpki/pki_algor.h
115	include/libpki/pki_conf.h
116	include/libpki/pki_config.h
117	include/libpki/pki_cred.h
118	include/libpki/pki_digest.h
119	include/libpki/pki_err.h
120	include/libpki/pki_hmac.h
121	include/libpki/pki_id.h
122	include/libpki/pki_id_info.h
123	include/libpki/pki_init.h
124	include/libpki/pki_integer.h
125	include/libpki/pki_io.h
126	include/libpki/pki_keypair.h
127	include/libpki/pki_keyparams.h
128	include/libpki/pki_log.h
129	include/libpki/pki_mem.h
130	include/libpki/pki_msg.h
131	include/libpki/pki_msg_req.h
132	include/libpki/pki_msg_resp.h
133	include/libpki/pki_ocsp_req.h
134	include/libpki/pki_ocsp_resp.h
135	include/libpki/pki_oid.h
136	include/libpki/pki_string.h
137	include/libpki/pki_threads.h
138	include/libpki/pki_threads_vars.h
139	include/libpki/pki_time.h
140	include/libpki/pki_x509.h
141	include/libpki/pki_x509_attribute.h
142	include/libpki/pki_x509_cert.h
143	include/libpki/pki_x509_cert_mem.h
144	include/libpki/pki_x509_cms.h
145	include/libpki/pki_x509_crl.h
146	include/libpki/pki_x509_data_st.h
147	include/libpki/pki_x509_extension.h
148	include/libpki/pki_x509_mem.h
149	include/libpki/pki_x509_mime.h
150	include/libpki/pki_x509_name.h
151	include/libpki/pki_x509_p12.h
152	include/libpki/pki_x509_pkcs7.h
153	include/libpki/pki_x509_profile.h
154	include/libpki/pki_x509_req.h
155	include/libpki/pki_x509_signature.h
156	include/libpki/pki_x509_xpair.h
157	include/libpki/pki_x509_xpair_asn1.h
158	include/libpki/profile.h
159	include/libpki/prqp/http_client.h
160	include/libpki/prqp/prqp.h
161	include/libpki/prqp/prqp_asn1.h
162	include/libpki/prqp/prqp_bio.h
163	include/libpki/prqp/prqp_lib.h
164	include/libpki/prqp/prqp_req_io.h
165	include/libpki/prqp/prqp_resp_io.h
166	include/libpki/prqp/prqp_srv.h
167	include/libpki/prqp/prqp_stack.h
168	include/libpki/scep/pki_x509_scep_asn1.h
169	include/libpki/scep/pki_x509_scep_attrs.h
170	include/libpki/scep/pki_x509_scep_data.h
171	include/libpki/scep/pki_x509_scep_msg.h
172	include/libpki/scep/scep.h
173	include/libpki/stack.h
174	include/libpki/support.h
175	include/libpki/token.h
176	include/libpki/token_data.h
177	include/libpki/token_id.h
178	include/libpki/token_st.h
179	lib/libpki.a
180	lib/libpki.so
181	lib/libpki.so.91
182	lib/libpki.so.91.91.3
183	@comment libdata/ldconfig/libpki
184	@comment share/libpki/README.data_structures
185	@comment share/libpki/README.functions
186	@comment share/libpki/doxygen-man.conf
187	@comment share/libpki/doxygen-pdf.conf
188	@comment share/libpki/doxygen.conf
189	@comment share/libpki/pkginfo

Added Link Here

(-)b/security/openca-ocspd/Makefile (+43 lines)
1	# Created by Bruno Damour <bruno@ruomad.net>
2	#
3
4	PORTNAME= openca-ocspd
5	DISTVERSION= 3.1.3-p20211023
6	CATEGORIES= security
7	DISTNAME= openca-ocspd-3.1.3-p20211023
8
9	MAINTAINER= bruno@ruomad.net
10	COMMENT= OpenCA OCSP responder
11
12	LICENSE= APACHE20
13
14	LIB_DEPENDS= libpki.so:security/libpki \
15	libxml2.so:textproc/libxml2
16
17	USES= ssl autoreconf libtool shebangfix
18	USE_GITHUB= yes
19	GH_ACCOUNT= openca
20	GH_TAGNAME= v3.1.2-13-ga779a5e
21	SHEBANG_FILES= etc/ocspd.in scripts/ocspd-genreq.sh.in test/test.sh
22
23	# Add a rc script to start the OCSP daemon
24	USE_RC_SUBR= ocspd
25
26	# Provided patches fix :
27	# - src/config.c and src/crl.c to fix calls PKI_* wrongly using -1 as
28	# second argument (data format) instead of PKI_DATA_FORMAT_UNKNOWN
29	# - src/global-vars.in to add localrootdir (new autoconf versions)
30	# - configure.ac to detect the presence of socket.h :
31	# hence the need to autoreconf
32	PATCH_STRIP= -p0
33
34	GNU_CONFIGURE= yes
35	CONFIGURE_ARGS= --with-libpki-prefix=${PREFIX}
36
37	# Rename installed configuration files to samples
38	post-stage:
39	for f in $$(find ${STAGEDIR}${PREFIX}/etc/ocspd -type f); do \
40	${MV} $$f $$f.sample; \
41	done
42
43	.include <bsd.port.mk>

Added Link Here

(-)b/security/openca-ocspd/files/ocspd.in (+21 lines)
1	#!/bin/sh
2
3	# PROVIDE: ocspd
4	# REQUIRE: NETWORK
5
6	. /etc/rc.subr
7
8	name=ocspd
9	rcvar=ocspd_enable
10
11	pidfile="/var/run/${name}.pid"
12
13	command="%%PREFIX%%/sbin/ocspd"
14	command_args="-c %%PREFIX%%/etc/ocspd/ocspd.xml -d -v"
15
16	load_rc_config ${name}
17	: ${ocspd_enable:=no}
18	: ${ocspd_msg="Nothing started."}
19
20
21	run_rc_command "$1"

Added Link Here

(-)b/security/openca-ocspd/files/patch-config.c (+47 lines)
1	--- src/ocspd/config.c.orig 2020-01-08 19:28:11 UTC
2	+++ src/ocspd/config.c
3	@@ -487,7 +487,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
4	subTmp_s = NULL;
5
6	// Retrieves the CA cert
7	- if ((tmp_cert = PKI_X509_CERT_get_url(tmp_url, -1, NULL, NULL ))== NULL)
8	+ if ((tmp_cert = PKI_X509_CERT_get_url(tmp_url, PKI_DATA_FORMAT_UNKNOWN, NULL, NULL ))== NULL)
9	{
10	// Error, can not get the CA certificate from the
11	// provided URL in the configuration
12	@@ -524,7 +524,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
13	}
14
15	// Parses and get the stack of X509_CERT from the PKI_MEM data
16	- if ((cc_sk = PKI_X509_CERT_STACK_get_mem(mm, -1, NULL)) == NULL) {
17	+ if ((cc_sk = PKI_X509_CERT_STACK_get_mem(mm, PKI_DATA_FORMAT_UNKNOWN, NULL)) == NULL) {
18
19	// Error, can not get the stack of certs from the CA cert value
20	PKI_log_err("Can not parse cert from /caConfig/caCertValue [CA: %s]",
21	@@ -745,7 +745,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
22	else
23	{
24	// The Server's cert URL is found, let's load the certificate
25	- if ((tmp_cert = PKI_X509_CERT_get(tmp_s, -1, NULL, NULL)) == NULL) {
26	+ if ((tmp_cert = PKI_X509_CERT_get(tmp_s, PKI_DATA_FORMAT_UNKNOWN, NULL, NULL)) == NULL) {
27
28	// Error, can not get the certificate from the URL
29	PKI_log_err("Can not get server's cert [CA: %s, URL: %s]",
30	@@ -857,7 +857,7 @@ int OCSPD_load_crl ( CA_LIST_ENTRY ca, OCSPD_CONFIG
31
32	// Load the new CRL
33	if (( ca->crl = PKI_X509_CRL_get_url(ca->crl_url,
34	- -1, NULL, NULL )) == NULL) {
35	+ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL )) == NULL) {
36
37	// Error, can not get the CRL from the URL
38	PKI_log_err("Failed loading CRL for [CA: %s, URL: %s]",
39	@@ -946,7 +946,7 @@ int ocspd_reload_all_ca ( OCSPD_CONFIG *conf ) {
40
41	// Get the CA certificate
42	if ((ca->ca_cert = PKI_X509_CERT_get_url(ca->ca_url,
43	- -1, NULL, NULL )) == NULL) {
44	+ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL )) == NULL) {
45
46	// Can not get the CA Cert from the URL
47	PKI_log_err("Can not load CA cert [CA: %s, URL: %s]",

Added Link Here

(-)b/security/openca-ocspd/files/patch-core.c (+46 lines)
1	--- src/ocspd/core.c.orig 2021-10-23 13:37:33.148289000 +0200
2	+++ src/ocspd/core.c 2021-10-23 13:49:04.412933000 +0200
3	@@ -52,13 +52,15 @@
4	}
5
6	rv = PKI_TOKEN_check(ocspd_conf->token);
7	- if (rv & (PKI_TOKEN_STATUS_KEYPAIR_ERR \|
8	- PKI_TOKEN_STATUS_CERT_ERR \|
9	- PKI_TOKEN_STATUS_CACERT_ERR))
10	+ if (rv & (PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR \|
11	+ PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR \|
12	+ PKI_TOKEN_STATUS_CERT_MISSING_ERR \|
13	+ PKI_TOKEN_STATUS_CACERT_MISSING_ERR))
14	{
15	- if (rv & PKI_TOKEN_STATUS_KEYPAIR_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
16	- if (rv & PKI_TOKEN_STATUS_CERT_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL);
17	- if (rv & PKI_TOKEN_STATUS_CACERT_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL);
18	+ if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
19	+ if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
20	+ if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL);
21	+ if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL);
22
23	PKI_log_err("Token Configuration Fatal Error (%d)", rv);
24	exit(rv);
25	@@ -101,13 +103,15 @@
26	}
27
28	rv = PKI_TOKEN_check(ca->token);
29	- if ( rv & (PKI_TOKEN_STATUS_KEYPAIR_ERR \|
30	- PKI_TOKEN_STATUS_CERT_ERR \|
31	- PKI_TOKEN_STATUS_CACERT_ERR))
32	+ if ( rv & (PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR \|
33	+ PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR \|
34	+ PKI_TOKEN_STATUS_CERT_MISSING_ERR \|
35	+ PKI_TOKEN_STATUS_CACERT_MISSING_ERR))
36	{
37	- if (rv & PKI_TOKEN_STATUS_KEYPAIR_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_ERR, NULL);
38	- if (rv & PKI_TOKEN_STATUS_CERT_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CERT_ERR, NULL);
39	- if (rv & PKI_TOKEN_STATUS_CACERT_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CACERT_ERR, NULL);
40	+ if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR, NULL);
41	+ if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR, NULL);
42	+ if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CERT_MISSING_ERR, NULL);
43	+ if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CACERT_MISSING_ERR, NULL);
44
45	PKI_log_err ( "Token Configuration Fatal Error (%d) for ca %s", rv, ca->ca_id);
46	exit(rv);

Added Link Here

(-)b/security/openca-ocspd/pkg-plist (+20 lines)
1	bin/ocspd-genreq.sh
2	@comment bin/test.sh
3	@comment etc/init.d/ocspd
4	etc/ocspd/ocspd.xml.sample
5	etc/ocspd/pki/token.d/etoken.xml.sample
6	etc/ocspd/pki/token.d/software.xml.sample
7	etc/ocspd/pki/token.d/eracom.xml.sample
8	etc/ocspd/ca.d/collegeca.xml.sample
9	etc/ocspd/ca.d/self-certs.xml.sample
10	libdata/pkgconfig/openca-ocspd.pc
11	sbin/ocspd
12	share/man/man3/ocspd.3.gz
13	share/man/man3/ocspd.conf.3.gz
14	@dir etc/ocspd/ca.d
15	@dir etc/ocspd/certs
16	@dir etc/ocspd/crls
17	@dir etc/ocspd/pki/hsm.d
18	@dir etc/ocspd/pki/profile.d
19	@dir etc/ocspd/private
20	@dir var/run