FreeBSD Bugzilla – Attachment 230462 Details for
Bug 259379
[NEW PORT] security/openca-ocspd security/libpki : OpenCAs OCSP responder
[patch]
Patch against ports tree v2
openca-ocspd.diff (text/plain), 22.79 KB, created by
Bruno Damour
on 2021-12-27 17:53:03 UTC
>diff --git a/security/libpki/Makefile b/security/libpki/Makefile >new file mode 100644 >index 000000000000..2d7a1c62d1b1 >--- /dev/null >+++ b/security/libpki/Makefile >@@ -0,0 +1,46 @@ >+# Created by Bruno Damour <bruno@ruomad.net> >+# >+ >+PORTNAME= libpki >+DISTVERSION= 0.9.1-p20211023 >+CATEGORIES= security >+DISTNAME= libpki-0.9.1-p20211023 >+ >+MAINTAINER= bruno@ruomad.net >+COMMENT= OpenCA PKI library (libpki) and tools >+ >+LICENSE= APACHE20 >+ >+LIB_DEPENDS= libxml2.so:textproc/libxml2 >+ >+USES= ssl autoreconf libtool >+USE_GITHUB= yes >+GH_ACCOUNT= openca >+GH_TAGNAME= v0.8.9-182-ge2e25ab >+ >+USE_LDCONFIG= yes >+ >+# Provided patches fix : >+# - src/pki.config.c to replace a breaking call to strncpy by strcpy >+# - src/global-vars.in to add localrootdir (new autoconf versions) >+# - configure.ac to (i) fix a typo in AC_COMPILE_IFELSE invocation, >+# (ii) not to append mybits to libdir (lib vs lib64) on *bsd*, and >+# (iii) map target arm64 (reported by FreeBSD) to expected x86_64 : >+# hence the need to autoreconf >+PATCH_STRIP= -p0 >+ >+GNU_CONFIGURE= yes >+CONFIGURE_ARGS= --disable-dependency-tracking \ >+ --disable-ldap --disable-mysql --disable-pg \ >+ --disable-dns --disable-iphone \ >+ --with-xml2-prefix=${LOCALBASE} >+INSTALL_TARGET= install-strip >+ >+# Rename installed configuration files to samples >+post-stage: >+ ${MV} ${WRKDIR}/stage${PREFIX}/etc/pki.conf ${WRKDIR}/stage${PREFIX}/etc/pki.conf.sample; \ >+ for f in $$(find ${STAGEDIR}${PREFIX}/etc/libpki -type f); do \ >+ ${MV} $$f $$f.sample; \ >+ done >+ >+.include <bsd.port.mk> >diff --git a/security/libpki/distinfo b/security/libpki/distinfo >new file mode 100644 >index 000000000000..726485030a62 >--- /dev/null >+++ b/security/libpki/distinfo 
>@@ -0,0 +1,3 @@ >+TIMESTAMP = 1634986583 >+SHA256 (openca-libpki-0.9.1-p20211023-v0.8.9-182-ge2e25ab_GH0.tar.gz) = cb3417288b931f6d9591b6b41d14985a1c88a64ba83428c3a0e13a63edfc8a13 >+SIZE (openca-libpki-0.9.1-p20211023-v0.8.9-182-ge2e25ab_GH0.tar.gz) = 1182943 >diff --git a/security/libpki/files/patch-configure.ac b/security/libpki/files/patch-configure.ac >new file mode 100644 >index 000000000000..8ec3647d3aee >--- /dev/null >+++ b/security/libpki/files/patch-configure.ac >@@ -0,0 +1,36 @@ >+--- configure.ac.orig 2021-01-16 01:14:34.000000000 +0100 >++++ configure.ac 2021-08-27 00:27:57.300484000 +0200 >+@@ -257,6 +257,7 @@ >+ ;; >+ *bsd*) myarch=bsd >+ shlext=so >++ mybits_install="" >+ ;; >+ *iphone*) >+ myarch=iphone >+@@ -298,6 +299,9 @@ >+ x86_64-*) >+ arch_target=x86_64 >+ ;; >++ amd64*-*) >++ arch_target=x86_64 >++ ;; >+ sparc*-*) >+ arch_target=Sparc >+ ;; >+@@ -493,13 +497,13 @@ >+ dnl [ pthread_rw=no ] ) >+ >+ dnl AC_TRY_COMPILE( [ >+-AC_COMPILE_IFELSE( AC_LANG_SOURCE([[ >++AC_COMPILE_IFELSE( [AC_LANG_SOURCE([ >+ #include <sys/types.h> >+ #include <pthread.h> >+ pthread_rwlock_t rwlock=PTHREAD_RWLOCK_INITIALIZER; >+ int main() { >+ return (0); >+-} ]]), >++} ])], >+ [ pthread_rw=yes ] , >+ [ pthread_rw=no ] ) >+ >diff --git a/security/libpki/files/patch-global-vars.in b/security/libpki/files/patch-global-vars.in >new file mode 100644 >index 000000000000..3da6cfd4ec75 >--- /dev/null >+++ b/security/libpki/files/patch-global-vars.in >@@ -0,0 +1,10 @@ >+--- src/global-vars.in.orig 2021-01-16 01:14:34.000000000 +0100 >++++ src/global-vars.in 2021-08-25 14:58:51.219021000 +0200 >+@@ -20,6 +20,7 @@ >+ DEST_SBINDIR = $(DESTDIR)@sbindir@ >+ DEST_BINDIR = $(DESTDIR)@bindir@ >+ DEST_LIBDIR = $(DESTDIR)@libdir@ >++DEST_DATADIR = @datarootdir@ >+ DEST_DATADIR = @datadir@ >+ DEST_INFODIR = @infodir@ >+ DEST_MANDIR = @mandir@ 
>diff --git a/security/libpki/files/patch-pki_config.c b/security/libpki/files/patch-pki_config.c >new file mode 100644 >index 000000000000..26c465266ff0 >--- /dev/null >+++ b/security/libpki/files/patch-pki_config.c >@@ -0,0 +1,11 @@ >+--- src/pki_config.c.orig 2021-01-16 00:14:34 UTC >++++ src/pki_config.c >+@@ -83,7 +83,7 @@ static char * _xml_search_namespace_add ( char *search >+ PKI_Free( my_arg ); >+ >+ ret = PKI_Malloc ( strlen( my_search ) + 1); >+- strncpy( ret, my_search, strlen(my_search) ); >++ strcpy( ret, my_search ); >+ >+ PKI_Free ( my_search ); >+ return( ret ); >diff --git a/security/libpki/pkg-descr b/security/libpki/pkg-descr >new file mode 100644 >index 000000000000..340bf48e1d42 >--- /dev/null >+++ b/security/libpki/pkg-descr >@@ -0,0 +1,5 @@ >+OpenCA LibPKI provides an easy-to-use PKI library for PKI enabled application development. >+The library provides the developer with all the needed functionalities to manage certificates, >+from generation to validation. >+ >+WWW: https://www.openca.org/projects/libpki >diff --git a/security/libpki/pkg-plist b/security/libpki/pkg-plist >new file mode 100644 >index 000000000000..20d66225f94c >--- /dev/null >+++ b/security/libpki/pkg-plist 
>@@ -0,0 +1,189 @@ >+bin/libpki-config >+bin/pki-cert >+bin/pki-crl >+bin/pki-derenc >+bin/pki-query >+bin/pki-request >+bin/pki-siginfo >+bin/pki-tool >+bin/pki-xpair >+bin/url-tool >+etc/libpki/hsm.d/eracom-sdk.xml.sample >+etc/libpki/hsm.d/etoken-engine.xml.sample >+etc/libpki/hsm.d/etoken-pkcs11.xml.sample >+etc/libpki/hsm.d/etoken.xml.sample >+etc/libpki/hsm.d/opencryptoki.xml.sample >+etc/libpki/hsm.d/tpm.xml.sample >+etc/libpki/objectIdentifiers.xml.sample >+etc/libpki/profile.d/crl.xml.sample >+etc/libpki/profile.d/server.xml.sample >+etc/libpki/profile.d/test.xml.sample >+etc/libpki/profile.d/user.xml.sample >+etc/libpki/store.d/empty.xml.sample >+etc/libpki/token.d/default.xml.sample >+etc/libpki/token.d/eracom.xml.sample >+etc/libpki/token.d/etoken-engine.xml.sample >+etc/libpki/token.d/etoken.xml.sample >+etc/libpki/token.d/opencryptoki.xml.sample >+etc/libpki/token.d/software.xml.sample >+etc/libpki/token.d/test.xml.sample >+etc/libpki/token.d/tpm.xml.sample >+etc/pki.conf.sample >+@comment include/internal/ossl_1_0_x/cms_lcl.h >+@comment include/internal/ossl_1_1_0/cms_lcl.h >+@comment include/internal/ossl_1_1_0/ocsp_lcl.h >+@comment include/internal/ossl_1_1_0/x509_int.h >+@comment include/internal/ossl_1_1_0/x509_lcl.h >+@comment include/internal/ossl_1_1_1/cms_lcl.h >+@comment include/internal/ossl_1_1_1/ocsp_lcl.h >+@comment include/internal/ossl_1_1_1/refcount.h >+@comment include/internal/ossl_1_1_1/x509_int.h >+@comment include/internal/ossl_1_1_1/x509_lcl.h >+include/libpki/banners.h >+include/libpki/cmc.h >+include/libpki/cmc/cmc_cert_req.h >+include/libpki/compat.h >+include/libpki/config.h >+include/libpki/crypto.h >+include/libpki/datatypes.h >+include/libpki/drivers/engine/data_st.h >+include/libpki/drivers/engine/engine_hsm.h >+include/libpki/drivers/engine/engine_hsm_obj.h >+include/libpki/drivers/engine/engine_hsm_pkey.h >+include/libpki/drivers/engine/engine_st.h >+include/libpki/drivers/hsm_keypair.h 
>+include/libpki/drivers/hsm_main.h >+include/libpki/drivers/hsm_slot.h >+include/libpki/drivers/kmf/data_st.h >+include/libpki/drivers/kmf/kmf_hsm.h >+include/libpki/drivers/kmf/kmf_hsm_engine.h >+include/libpki/drivers/kmf/kmf_hsm_pkey.h >+include/libpki/drivers/kmf/kmf_hsm_sign.h >+include/libpki/drivers/kmf/pki_kmflib.h >+include/libpki/drivers/openssl/data_st.h >+include/libpki/drivers/openssl/openssl_hsm.h >+include/libpki/drivers/openssl/openssl_hsm_cb.h >+include/libpki/drivers/openssl/openssl_hsm_obj.h >+include/libpki/drivers/openssl/openssl_hsm_pkey.h >+include/libpki/drivers/pkcs11/pkcs11_hsm.h >+include/libpki/drivers/pkcs11/pkcs11_hsm_obj.h >+include/libpki/drivers/pkcs11/pkcs11_hsm_pkey.h >+include/libpki/drivers/pkcs11/pkcs11_utils.h >+include/libpki/drivers/pkcs11/rsa/cryptoki.h >+include/libpki/drivers/pkcs11/rsa/pkcs11.h >+include/libpki/drivers/pkcs11/rsa/pkcs11_func.h >+include/libpki/drivers/pkcs11/rsa/pkcs11f.h >+include/libpki/drivers/pkcs11/rsa/pkcs11t.h >+include/libpki/errors-new.h >+include/libpki/errors.h >+include/libpki/est/est.h >+include/libpki/est/pki_x509_est_asn1.h >+include/libpki/est/pki_x509_est_attrs.h >+include/libpki/est/pki_x509_est_data.h >+include/libpki/est/pki_x509_est_msg.h >+include/libpki/extensions.h >+include/libpki/hsm_st.h >+include/libpki/io/pki_keypair_io.h >+include/libpki/io/pki_msg_req_io.h >+include/libpki/io/pki_msg_resp_io.h >+include/libpki/io/pki_ocsp_req_io.h >+include/libpki/io/pki_ocsp_resp_io.h >+include/libpki/io/pki_x509_cert_io.h >+include/libpki/io/pki_x509_cms_io.h >+include/libpki/io/pki_x509_crl_io.h >+include/libpki/io/pki_x509_io.h >+include/libpki/io/pki_x509_p12_io.h >+include/libpki/io/pki_x509_pkcs7_io.h >+include/libpki/io/pki_x509_req_io.h >+include/libpki/io/pki_x509_xpair_io.h >+include/libpki/libpkiv.h >+include/libpki/net/dns.h >+include/libpki/net/http_s.h >+include/libpki/net/ldap.h >+include/libpki/net/pkcs11.h >+include/libpki/net/pki_mysql.h >+include/libpki/net/pki_pg.h 
>+include/libpki/net/pki_socket.h >+include/libpki/net/sock.h >+include/libpki/net/ssl.h >+include/libpki/net/url.h >+include/libpki/openssl/data_st.h >+include/libpki/openssl/pthread_init.h >+include/libpki/os.h >+include/libpki/pki.h >+include/libpki/pki_algor.h >+include/libpki/pki_conf.h >+include/libpki/pki_config.h >+include/libpki/pki_cred.h >+include/libpki/pki_digest.h >+include/libpki/pki_err.h >+include/libpki/pki_hmac.h >+include/libpki/pki_id.h >+include/libpki/pki_id_info.h >+include/libpki/pki_init.h >+include/libpki/pki_integer.h >+include/libpki/pki_io.h >+include/libpki/pki_keypair.h >+include/libpki/pki_keyparams.h >+include/libpki/pki_log.h >+include/libpki/pki_mem.h >+include/libpki/pki_msg.h >+include/libpki/pki_msg_req.h >+include/libpki/pki_msg_resp.h >+include/libpki/pki_ocsp_req.h >+include/libpki/pki_ocsp_resp.h >+include/libpki/pki_oid.h >+include/libpki/pki_string.h >+include/libpki/pki_threads.h >+include/libpki/pki_threads_vars.h >+include/libpki/pki_time.h >+include/libpki/pki_x509.h >+include/libpki/pki_x509_attribute.h >+include/libpki/pki_x509_cert.h >+include/libpki/pki_x509_cert_mem.h >+include/libpki/pki_x509_cms.h >+include/libpki/pki_x509_crl.h >+include/libpki/pki_x509_data_st.h >+include/libpki/pki_x509_extension.h >+include/libpki/pki_x509_mem.h >+include/libpki/pki_x509_mime.h >+include/libpki/pki_x509_name.h >+include/libpki/pki_x509_p12.h >+include/libpki/pki_x509_pkcs7.h >+include/libpki/pki_x509_profile.h >+include/libpki/pki_x509_req.h >+include/libpki/pki_x509_signature.h >+include/libpki/pki_x509_xpair.h >+include/libpki/pki_x509_xpair_asn1.h >+include/libpki/profile.h >+include/libpki/prqp/http_client.h >+include/libpki/prqp/prqp.h >+include/libpki/prqp/prqp_asn1.h >+include/libpki/prqp/prqp_bio.h >+include/libpki/prqp/prqp_lib.h >+include/libpki/prqp/prqp_req_io.h >+include/libpki/prqp/prqp_resp_io.h >+include/libpki/prqp/prqp_srv.h >+include/libpki/prqp/prqp_stack.h >+include/libpki/scep/pki_x509_scep_asn1.h 
>+include/libpki/scep/pki_x509_scep_attrs.h >+include/libpki/scep/pki_x509_scep_data.h >+include/libpki/scep/pki_x509_scep_msg.h >+include/libpki/scep/scep.h >+include/libpki/stack.h >+include/libpki/support.h >+include/libpki/token.h >+include/libpki/token_data.h >+include/libpki/token_id.h >+include/libpki/token_st.h >+lib/libpki.a >+lib/libpki.so >+lib/libpki.so.91 >+lib/libpki.so.91.91.3 >+@comment libdata/ldconfig/libpki >+@comment share/libpki/README.data_structures >+@comment share/libpki/README.functions >+@comment share/libpki/doxygen-man.conf >+@comment share/libpki/doxygen-pdf.conf >+@comment share/libpki/doxygen.conf >+@comment share/libpki/pkginfo >diff --git a/security/openca-ocspd/Makefile b/security/openca-ocspd/Makefile >new file mode 100644 >index 000000000000..a8c44c25f2cb >--- /dev/null >+++ b/security/openca-ocspd/Makefile 
>@@ -0,0 +1,43 @@ >+# Created by Bruno Damour <bruno@ruomad.net> >+# >+ >+PORTNAME= openca-ocspd >+DISTVERSION= 3.1.3-p20211227 >+CATEGORIES= security >+DISTNAME= openca-ocspd-3.1.3-p20211227 >+ >+MAINTAINER= bruno@ruomad.net >+COMMENT= OpenCA OCSP responder >+ >+LICENSE= APACHE20 >+ >+LIB_DEPENDS= libpki.so:security/libpki \ >+ libxml2.so:textproc/libxml2 >+ >+USES= ssl autoreconf libtool shebangfix >+USE_GITHUB= yes >+GH_ACCOUNT= openca >+GH_TAGNAME= v3.1.2-13-ga779a5e >+SHEBANG_FILES= etc/ocspd.in scripts/ocspd-genreq.sh.in test/test.sh >+ >+# Add a rc script to start the OCSP daemon >+USE_RC_SUBR= ocspd >+ >+# Provided patches fix : >+# - src/config.c and src/crl.c to fix calls PKI_* wrongly using -1 as >+# second argument (data format) instead of PKI_DATA_FORMAT_UNKNOWN >+# - src/global-vars.in to add localrootdir (new autoconf versions) >+# - configure.ac to detect the presence of socket.h : >+# hence the need to autoreconf >+PATCH_STRIP= -p0 >+ >+GNU_CONFIGURE= yes >+CONFIGURE_ARGS= --with-libpki-prefix=${PREFIX} >+ >+# Rename installed configuration files to samples >+post-stage: >+ for f in $$(find ${STAGEDIR}${PREFIX}/etc/ocspd -type f); do \ >+ ${MV} $$f $$f.sample; \ >+ done >+ >+.include <bsd.port.mk> >diff --git a/security/openca-ocspd/distinfo b/security/openca-ocspd/distinfo >new file mode 100644 >index 000000000000..a889a5b9cbd6 >--- /dev/null >+++ b/security/openca-ocspd/distinfo >@@ -0,0 +1,3 @@ >+TIMESTAMP = 1640618775 >+SHA256 (openca-openca-ocspd-3.1.3-p20211227-v3.1.2-13-ga779a5e_GH0.tar.gz) = 42964c883a8f53c7b2fe403edbe32e9f3b2111fec72fce6726e660671b01c8b6 >+SIZE (openca-openca-ocspd-3.1.3-p20211227-v3.1.2-13-ga779a5e_GH0.tar.gz) = 594630 >diff --git a/security/openca-ocspd/files/ocspd.in b/security/openca-ocspd/files/ocspd.in >new file mode 100755 >index 000000000000..dc813fc1fe86 >--- /dev/null >+++ b/security/openca-ocspd/files/ocspd.in 
>@@ -0,0 +1,21 @@ >+#!/bin/sh >+ >+# PROVIDE: ocspd >+# REQUIRE: NETWORK >+ >+. /etc/rc.subr >+ >+name=ocspd >+rcvar=ocspd_enable >+ >+pidfile="/var/run/${name}.pid" >+ >+command="%%PREFIX%%/sbin/ocspd" >+command_args="-c %%PREFIX%%/etc/ocspd/ocspd.xml -d -v" >+ >+load_rc_config ${name} >+: ${ocspd_enable:=no} >+: ${ocspd_msg="Nothing started."} >+ >+ >+run_rc_command "$1" >diff --git a/security/openca-ocspd/files/patch-config.c b/security/openca-ocspd/files/patch-config.c >new file mode 100644 >index 000000000000..2e01372f0b5b >--- /dev/null >+++ b/security/openca-ocspd/files/patch-config.c 
>@@ -0,0 +1,47 @@ >+--- src/ocspd/config.c.orig 2020-01-08 19:28:11 UTC >++++ src/ocspd/config.c >+@@ -487,7 +487,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler, >+ subTmp_s = NULL; >+ >+ // Retrieves the CA cert >+- if ((tmp_cert = PKI_X509_CERT_get_url(tmp_url, -1, NULL, NULL ))== NULL) >++ if ((tmp_cert = PKI_X509_CERT_get_url(tmp_url, PKI_DATA_FORMAT_UNKNOWN, NULL, NULL ))== NULL) >+ { >+ // Error, can not get the CA certificate from the >+ // provided URL in the configuration >+@@ -524,7 +524,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler, >+ } >+ >+ // Parses and get the stack of X509_CERT from the PKI_MEM data >+- if ((cc_sk = PKI_X509_CERT_STACK_get_mem(mm, -1, NULL)) == NULL) { >++ if ((cc_sk = PKI_X509_CERT_STACK_get_mem(mm, PKI_DATA_FORMAT_UNKNOWN, NULL)) == NULL) { >+ >+ // Error, can not get the stack of certs from the CA cert value >+ PKI_log_err("Can not parse cert from /caConfig/caCertValue [CA: %s]", >+@@ -745,7 +745,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler, >+ else >+ { >+ // The Server's cert URL is found, let's load the certificate >+- if ((tmp_cert = PKI_X509_CERT_get(tmp_s, -1, NULL, NULL)) == NULL) { >++ if ((tmp_cert = PKI_X509_CERT_get(tmp_s, PKI_DATA_FORMAT_UNKNOWN, NULL, NULL)) == NULL) { >+ >+ // Error, can not get the certificate from the URL >+ PKI_log_err("Can not get server's cert [CA: %s, URL: %s]", >+@@ -857,7 +857,7 @@ int OCSPD_load_crl ( CA_LIST_ENTRY *ca, OCSPD_CONFIG * >+ >+ // Load the new CRL >+ if (( ca->crl = PKI_X509_CRL_get_url(ca->crl_url, >+- -1, NULL, NULL )) == NULL) { >++ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL )) == NULL) { >+ >+ // Error, can not get the CRL from the URL >+ PKI_log_err("Failed loading CRL for [CA: %s, URL: %s]", >+@@ -946,7 +946,7 @@ int ocspd_reload_all_ca ( OCSPD_CONFIG *conf ) { >+ >+ // Get the CA certificate >+ if ((ca->ca_cert = PKI_X509_CERT_get_url(ca->ca_url, >+- -1, NULL, NULL )) == NULL) { >++ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL )) == NULL) { >+ >+ // Can not get the 
CA Cert from the URL >+ PKI_log_err("Can not load CA cert [CA: %s, URL: %s]", >diff --git a/security/openca-ocspd/files/patch-configure.ac b/security/openca-ocspd/files/patch-configure.ac >new file mode 100644 >index 000000000000..55f26b945a2a >--- /dev/null >+++ b/security/openca-ocspd/files/patch-configure.ac >@@ -0,0 +1,11 @@ >+--- configure.ac.orig 2020-01-08 20:28:11.000000000 +0100 >++++ configure.ac 2021-08-25 14:58:50.324390000 +0200 >+@@ -147,7 +147,7 @@ >+ dnl Checks for programs. >+ dnl AC_CONFIG_HEADERS >+ AC_STDC_HEADERS >+-AC_HAVE_HEADERS(string.h stdio.h stdlib.h fcntl.h sys/file.h sys/param.h sys/sem.h sys/ipc.h) >++AC_HAVE_HEADERS(string.h stdio.h stdlib.h fcntl.h sys/file.h sys/param.h sys/sem.h sys/ipc.h sys/socket.h) >+ >+ AC_CONFIG_HEADERS(src/ocspd/includes/config.h) >+ >diff --git a/security/openca-ocspd/files/patch-core.c b/security/openca-ocspd/files/patch-core.c >new file mode 100644 >index 000000000000..fd04668dad62 >--- /dev/null >+++ b/security/openca-ocspd/files/patch-core.c 
>@@ -0,0 +1,46 @@ >+--- src/ocspd/core.c.orig 2021-10-23 13:37:33.148289000 +0200 >++++ src/ocspd/core.c 2021-10-23 13:49:04.412933000 +0200 >+@@ -52,13 +52,15 @@ >+ } >+ >+ rv = PKI_TOKEN_check(ocspd_conf->token); >+- if (rv & (PKI_TOKEN_STATUS_KEYPAIR_ERR | >+- PKI_TOKEN_STATUS_CERT_ERR | >+- PKI_TOKEN_STATUS_CACERT_ERR)) >++ if (rv & (PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR | >++ PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR | >++ PKI_TOKEN_STATUS_CERT_MISSING_ERR | >++ PKI_TOKEN_STATUS_CACERT_MISSING_ERR)) >+ { >+- if (rv & PKI_TOKEN_STATUS_KEYPAIR_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL); >+- if (rv & PKI_TOKEN_STATUS_CERT_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL); >+- if (rv & PKI_TOKEN_STATUS_CACERT_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL); >++ if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL); >++ if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL); >++ if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL); >++ if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL); >+ >+ PKI_log_err("Token Configuration Fatal Error (%d)", rv); >+ exit(rv); >+@@ -101,13 +103,15 @@ >+ } >+ >+ rv = PKI_TOKEN_check(ca->token); >+- if ( rv & (PKI_TOKEN_STATUS_KEYPAIR_ERR | >+- PKI_TOKEN_STATUS_CERT_ERR | >+- PKI_TOKEN_STATUS_CACERT_ERR)) >++ if ( rv & (PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR | >++ PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR | >++ PKI_TOKEN_STATUS_CERT_MISSING_ERR | >++ PKI_TOKEN_STATUS_CACERT_MISSING_ERR)) >+ { >+- if (rv & PKI_TOKEN_STATUS_KEYPAIR_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_ERR, NULL); >+- if (rv & PKI_TOKEN_STATUS_CERT_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CERT_ERR, NULL); >+- if (rv & PKI_TOKEN_STATUS_CACERT_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CACERT_ERR, NULL); >++ if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR, NULL); >++ if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) 
PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR, NULL); >++ if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CERT_MISSING_ERR, NULL); >++ if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CACERT_MISSING_ERR, NULL); >+ >+ PKI_log_err ( "Token Configuration Fatal Error (%d) for ca %s", rv, ca->ca_id); >+ exit(rv); >diff --git a/security/openca-ocspd/files/patch-crl.c b/security/openca-ocspd/files/patch-crl.c >new file mode 100644 >index 000000000000..8d7622810feb >--- /dev/null >+++ b/security/openca-ocspd/files/patch-crl.c >@@ -0,0 +1,11 @@ >+--- src/ocspd/crl.c.orig 2020-01-08 19:28:11 UTC >++++ src/ocspd/crl.c >+@@ -49,7 +49,7 @@ int ocspd_load_ca_crl(CA_LIST_ENTRY *caEntry, OCSPD_CO >+ >+ // We now re-load the CRL >+ if( (caEntry->crl = PKI_X509_CRL_get_url(caEntry->crl_url, >+- -1, NULL, NULL)) == NULL ) { >++ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL)) == NULL ) { >+ PKI_log_err("Can not reload CRL [CA: %s, URL: %s]", >+ caEntry->ca_id, caEntry->crl_url->url_s); >+ PKI_RWLOCK_release_write(&conf->crl_lock); >diff --git a/security/openca-ocspd/files/patch-global-vars.in b/security/openca-ocspd/files/patch-global-vars.in >new file mode 100644 >index 000000000000..ece98ae81142 >--- /dev/null >+++ b/security/openca-ocspd/files/patch-global-vars.in >@@ -0,0 +1,10 @@ >+--- src/global-vars.in.orig 2020-01-08 19:28:11 UTC >++++ src/global-vars.in >+@@ -12,6 +12,7 @@ doc_prefix = $(DESTDIR)${datadir}/openca-prqpd >+ DEST_SBINDIR = $(DESTDIR)@sbindir@ >+ DEST_BINDIR = $(DESTDIR)@bindir@ >+ DEST_LIBDIR = $(DESTDIR)@libdir@ >++DEST_DATADIR = @datarootdir@ >+ DEST_DATADIR = @datadir@ >+ DEST_INFODIR = @infodir@ >+ DEST_MANDIR = @mandir@ >diff --git a/security/openca-ocspd/files/patch-includes_general.h b/security/openca-ocspd/files/patch-includes_general.h >new file mode 100644 >index 000000000000..1fe5daa39abd >--- /dev/null >+++ b/security/openca-ocspd/files/patch-includes_general.h 
>@@ -0,0 +1,11 @@ >+--- src/ocspd/includes/general.h.orig 2020-01-08 19:28:11 UTC >++++ src/ocspd/includes/general.h >+@@ -15,6 +15,8 @@ >+ # define ATTRIBUTE_NO_SANITIZE_ADDRESS >+ #endif >+ >++#include "config.h" >++ >+ #include <libpki/pki.h> >+ #include <libpki/libpkiv.h> >+ >diff --git a/security/openca-ocspd/files/patch-response.c b/security/openca-ocspd/files/patch-response.c >new file mode 100644 >index 000000000000..ef9e3452b5c6 >--- /dev/null >+++ b/security/openca-ocspd/files/patch-response.c >@@ -0,0 +1,11 @@ >+--- src/ocspd/response.c.orig 2021-12-27 16:10:15.192943000 +0100 >++++ src/ocspd/response.c 2021-12-27 16:16:37.651720000 +0100 >+@@ -454,7 +454,7 @@ >+ >+ #if OPENSSL_VERSION_NUMBER >= 0x1010000fL >+ if ((PKI_X509_OCSP_RESP_add(resp, cid, PKI_OCSP_CERTSTATUS_REVOKED, >+- X509_REVOKED_get0_serialNumber(entry), thisupd, >++ X509_REVOKED_get0_revocationDate(entry), thisupd, >+ nextupd, reason, ext )) == PKI_ERR) >+ #else >+ if ((PKI_X509_OCSP_RESP_add(resp, cid, PKI_OCSP_CERTSTATUS_REVOKED, >diff --git a/security/openca-ocspd/pkg-descr b/security/openca-ocspd/pkg-descr >new file mode 100644 >index 000000000000..b00121b12c47 >--- /dev/null >+++ b/security/openca-ocspd/pkg-descr >@@ -0,0 +1,6 @@ >+OpenCA OCSP Responder is an rfc2560 compliant OCSPD responder. >+The server is a stand-alone application and can be integrated into many different PKI solutions >+as it does not depend on specific database scheme. >+Furthermore it can be used as a responder for multiple CAs. >+ >+WWW: https://www.openca.org/projects/ocspd >diff --git a/security/openca-ocspd/pkg-plist b/security/openca-ocspd/pkg-plist >new file mode 100644 >index 000000000000..9f1b2eaea61b >--- /dev/null >+++ b/security/openca-ocspd/pkg-plist 
>@@ -0,0 +1,20 @@ >+bin/ocspd-genreq.sh >+@comment bin/test.sh >+@comment etc/init.d/ocspd >+etc/ocspd/ocspd.xml.sample >+etc/ocspd/pki/token.d/etoken.xml.sample >+etc/ocspd/pki/token.d/software.xml.sample >+etc/ocspd/pki/token.d/eracom.xml.sample >+etc/ocspd/ca.d/collegeca.xml.sample >+etc/ocspd/ca.d/self-certs.xml.sample >+libdata/pkgconfig/openca-ocspd.pc >+sbin/ocspd >+share/man/man3/ocspd.3.gz >+share/man/man3/ocspd.conf.3.gz >+@dir etc/ocspd/ca.d >+@dir etc/ocspd/certs >+@dir etc/ocspd/crls >+@dir etc/ocspd/pki/hsm.d >+@dir etc/ocspd/pki/profile.d >+@dir etc/ocspd/private >+@dir var/run
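Review bot: In security/libpki/Makefile, the post-stage target moves pki.conf through ${WRKDIR}/stage${PREFIX} but walks etc/libpki through ${STAGEDIR}${PREFIX}; use ${STAGEDIR}${PREFIX} for both so the rename does not depend on where the stage directory lives. The comment block above PATCH_STRIP also disagrees with the patches it describes: it names src/pki.config.c where the patched file is src/pki_config.c, says arm64 where patch-configure.ac adds an amd64*-* case, and says localrootdir where patch-global-vars.in adds @datarootdir@.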
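Review bot: In patch-global-vars.in (the same hunk appears in both ports), the added DEST_DATADIR = @datarootdir@ is immediately followed by the existing DEST_DATADIR = @datadir@, and in make the later assignment wins, so the new line has no effect. If the aim is to give a value to the ${datarootdir} reference that autoconf's default @datadir@ expands to, the added line should define that variable instead, for example datarootdir = @datarootdir@.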
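Review bot: In patch-pki_config.c, the pointer returned by PKI_Malloc( strlen( my_search ) + 1 ) is handed straight to strcpy with no NULL check in the visible context; add a check that frees my_search and returns NULL on allocation failure. The replacement itself is sound for this buffer: the removed strncpy( ret, my_search, strlen(my_search) ) copied exactly strlen bytes and so never wrote the terminating NUL, while strcpy writes strlen + 1 bytes, which is exactly what was allocated. This is worth sending upstream rather than carrying only in the port.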
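Review bot: In security/openca-ocspd/Makefile, CONFIGURE_ARGS passes --with-libpki-prefix=${PREFIX}, but libpki comes in through LIB_DEPENDS and is found under ${LOCALBASE}, which is what the libpki port itself uses for --with-xml2-prefix; switch to ${LOCALBASE} so the build still finds libpki when PREFIX is overridden. The "Provided patches fix" comment lists config.c, crl.c, global-vars.in and configure.ac only; patch-core.c, patch-includes_general.h and patch-response.c are in files/ and should be described there too.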
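Review bot: In security/openca-ocspd/files/ocspd.in, pidfile is set to /var/run/${name}.pid but command_args passes only -c, -d and -v, so nothing in the script makes the daemon write that file; stop and status will work only if ocspd.xml names the same path. Either pass the pid file location to the daemon from the script or document that the sample ocspd.xml must match. Smaller points in the same file: ocspd_msg is assigned and never used, and -v is hard-coded in command_args rather than left to ocspd_flags, so an administrator cannot turn verbose logging off from rc.conf.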
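Review bot: In patch-core.c, the second hunk (the PKI_TOKEN_check(ca->token) block) passes the PKI_TOKEN_STATUS_* status bits to PKI_ERROR, while the first hunk passes PKI_ERR_TOKEN_KEYPAIR_LOAD, PKI_ERR_TOKEN_CERT_LOAD and PKI_ERR_TOKEN_CACERT_LOAD for the same conditions; the patch renames the flags but carries that mismatch over from the removed lines. Use the PKI_ERR_TOKEN_* codes in both blocks so a per-CA token failure is logged with the same error as a global token failure.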
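Review bot: patch-response.c changes what the responder emits and should be called out as such: in the OPENSSL_VERSION_NUMBER >= 0x1010000fL branch, the argument to PKI_X509_OCSP_RESP_add that precedes thisupd goes from X509_REVOKED_get0_serialNumber(entry) to X509_REVOKED_get0_revocationDate(entry), so before this patch a REVOKED answer was built with the entry's serial number in the slot now filled by the revocation date. Report this upstream, and check that the #else branch, which is cut off in the hunk context, passes the equivalent revocation date for older OpenSSL.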
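Review bot: In security/openca-ocspd/pkg-plist, @dir etc/ocspd/private is created with default owner and mode; a directory with that name will presumably hold the responder's key material, so declare it restrictively, for example @dir(root,wheel,0700) etc/ocspd/private. The @dir var/run entry resolves under PREFIX, while files/ocspd.in uses /var/run/${name}.pid, so it looks unintended. In both plists the *.sample files are listed as plain entries; marking them with @sample would install a working copy on first install and keep local edits across upgrades.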