Attachment 151202 Details for Bug 196431 – Fix broken SSL verification for software using Ports OpenSSL

[patch] Fix broken SSL verification for software using Ports OpenSSL

ca_root_nss-fix-ssl-verification-for-ports-OpenSSL.diff (text/plain), 2.95 KB, created by Kubilay Kocak on 2015-01-02 06:45:13 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Kubilay Kocak

Created: 2015-01-02 06:45:13 UTC

Size: 2.95 KB

patch

obsolete

>Index: Makefile
>===================================================================
>--- Makefile	(revision 375867)
>+++ Makefile	(working copy)
>@@ -2,16 +2,19 @@
> 
> PORTNAME=	ca_root_nss
> PORTVERSION=	${VERSION_NSS}
>-PORTREVISION=	1
>+PORTREVISION=	2
> CATEGORIES=	security
> MASTER_SITES=	MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
> DISTNAME=	nss-${VERSION_NSS}${NSS_SUFFIX}
> 
> MAINTAINER=	gecko@FreeBSD.org
>-COMMENT=	The root certificate bundle from the Mozilla Project
>+COMMENT=	Root certificate bundle from the Mozilla Project
> 
>-OPTIONS_DEFINE=	ETCSYMLINK
>+OPTIONS_DEFINE=		ETCSYMLINK
>+OPTIONS_SUB=		yes
>+
> ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem
>+ETCSYMLINK_CONFLICTS=	ca-roots-[0-9]*
> 
> USES=		perl5
> USE_PERL5=	build
>@@ -26,6 +29,7 @@
> # !!!  Please DO NOT submit patches for new version until it has !!!
> # !!!  been committed there first.                               !!!
> # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>+
> VERSION_NSS=	3.17.3
> #NSS_SUFFIX=	.with.ckbi.1.93
> CERTDATA_TXT_PATH=	nss-${VERSION_NSS}/nss/lib/ckfw/builtins/certdata.txt
>@@ -35,13 +39,6 @@
> 
> .include <bsd.port.options.mk>
> 
>-.if ${PORT_OPTIONS:METCSYMLINK}
>-PLIST_SUB+=	ETCSYMLINK=
>-CONFLICTS=	ca-roots-[0-9]*
>-.else
>-PLIST_SUB+=	ETCSYMLINK="@comment "
>-.endif
>-
> do-extract:
> 	@${MKDIR} ${WRKDIR}
> 	@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \
>@@ -65,5 +62,7 @@
> .endif
> 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/ssl
> 	${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem
>+	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
>+	${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/openssl/cert.pem
> 
> .include <bsd.port.mk>
>Index: pkg-message
>===================================================================
>--- pkg-message	(revision 0)
>+++ pkg-message	(working copy)
>@@ -0,0 +1,23 @@
>+********************************* WARNING *********************************
>+
>+FreeBSD does not, and can not warrant that the certificate authorities
>+whose certificates are included in this package have in any way been
>+audited for trustworthiness or RFC 3647 compliance.
>+
>+Assessment and verification of trust is the complete responsibility of the
>+system administrator.
>+
>+*********************************** NOTE **********************************
>+
>+This package installs symlinks to support root certificates discovery by
>+default for software that uses OpenSSL.
>+
>+This enables SSL Certificate Verification by client software without manual
>+intervention.
>+
>+If you prefer to do this manually, remove the following symlinks:
>+
>+  * /etc/ssl/cert.pem
>+  * /usr/local/openssl/cert.pem
>+
>+***************************************************************************
>Index: pkg-plist
>===================================================================
>--- pkg-plist	(revision 375867)
>+++ pkg-plist	(working copy)
>@@ -1,3 +1,4 @@
> %%CERTDIR%%/ca-root-nss.crt
> etc/ssl/cert.pem
>+openssl/cert.pem
> %%ETCSYMLINK%%/etc/ssl/cert.pem

Actions: View | Diff

Attachments on bug 196431: 151202 | 151211 | 152293