diff --git a/security/libpki/Makefile b/security/libpki/Makefile
new file mode 100644
index 000000000000..2d7a1c62d1b1
--- /dev/null
+++ b/security/libpki/Makefile
@@ -0,0 +1,46 @@
+# Created by Bruno Damour
+#
+
+PORTNAME= libpki
+DISTVERSION= 0.9.1-p20211023
+CATEGORIES= security
+DISTNAME= libpki-0.9.1-p20211023
+
+MAINTAINER= bruno@ruomad.net
+COMMENT= OpenCA PKI library (libpki) and tools
+
+LICENSE= APACHE20
+
+LIB_DEPENDS= libxml2.so:textproc/libxml2
+
+USES= ssl autoreconf libtool
+USE_GITHUB= yes
+GH_ACCOUNT= openca
+GH_TAGNAME= v0.8.9-182-ge2e25ab
+
+USE_LDCONFIG= yes
+
+# Provided patches fix :
+# - src/pki.config.c to replace a breaking call to strncpy by strcpy
+# - src/global-vars.in to add localrootdir (new autoconf versions)
+# - configure.ac to (i) fix a typo in AC_COMPILE_IFELSE invocation,
+# (ii) not to append mybits to libdir (lib vs lib64) on *bsd*, and
+# (iii) map target arm64 (reported by FreeBSD) to expected x86_64 :
+# hence the need to autoreconf
+PATCH_STRIP= -p0
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --disable-dependency-tracking \
+ --disable-ldap --disable-mysql --disable-pg \
+ --disable-dns --disable-iphone \
+ --with-xml2-prefix=${LOCALBASE}
+INSTALL_TARGET= install-strip
+
+# Rename installed configuration files to samples
+post-stage:
+ ${MV} ${WRKDIR}/stage${PREFIX}/etc/pki.conf ${WRKDIR}/stage${PREFIX}/etc/pki.conf.sample; \
+ for f in $$(find ${STAGEDIR}${PREFIX}/etc/libpki -type f); do \
+ ${MV} $$f $$f.sample; \
+ done
+
+.include
diff --git a/security/libpki/distinfo b/security/libpki/distinfo
new file mode 100644
index 000000000000..726485030a62
--- /dev/null
+++ b/security/libpki/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1634986583
+SHA256 (openca-libpki-0.9.1-p20211023-v0.8.9-182-ge2e25ab_GH0.tar.gz) = cb3417288b931f6d9591b6b41d14985a1c88a64ba83428c3a0e13a63edfc8a13
+SIZE (openca-libpki-0.9.1-p20211023-v0.8.9-182-ge2e25ab_GH0.tar.gz) = 1182943
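Review bot: In `post-stage` of security/libpki/Makefile, the first `${MV}` builds its paths from `${WRKDIR}/stage${PREFIX}` while the loop directly below uses `${STAGEDIR}${PREFIX}`; the pki.conf rename should use the same variable, `${MV} ${STAGEDIR}${PREFIX}/etc/pki.conf ${STAGEDIR}${PREFIX}/etc/pki.conf.sample`, so both steps follow the stage directory wherever it is set. The "Provided patches fix" comment also disagrees with the patches in this commit: it names `src/pki.config.c` and an `arm64` mapping, whereas the patched file is `src/pki_config.c` and configure.ac gains an `amd64*-*` case. That comment is the only record of why a PKI library carries a local string-copy change, so it should match the patches exactly.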
diff --git a/security/libpki/files/patch-configure.ac b/security/libpki/files/patch-configure.ac
new file mode 100644
index 000000000000..8ec3647d3aee
--- /dev/null
+++ b/security/libpki/files/patch-configure.ac
@@ -0,0 +1,36 @@
+--- configure.ac.orig 2021-01-16 01:14:34.000000000 +0100
++++ configure.ac 2021-08-27 00:27:57.300484000 +0200
+@@ -257,6 +257,7 @@
+ ;;
+ *bsd*) myarch=bsd
+ shlext=so
++ mybits_install=""
+ ;;
+ *iphone*)
+ myarch=iphone
+@@ -298,6 +299,9 @@
+ x86_64-*)
+ arch_target=x86_64
+ ;;
++ amd64*-*)
++ arch_target=x86_64
++ ;;
+ sparc*-*)
+ arch_target=Sparc
+ ;;
+@@ -493,13 +497,13 @@
+ dnl [ pthread_rw=no ] )
+
+ dnl AC_TRY_COMPILE( [
+-AC_COMPILE_IFELSE( AC_LANG_SOURCE([[
++AC_COMPILE_IFELSE( [AC_LANG_SOURCE([
+ #include
+ #include
+ pthread_rwlock_t rwlock=PTHREAD_RWLOCK_INITIALIZER;
+ int main() {
+ return (0);
+-} ]]),
++} ])],
+ [ pthread_rw=yes ] ,
+ [ pthread_rw=no ] )
+
diff --git a/security/libpki/files/patch-global-vars.in b/security/libpki/files/patch-global-vars.in
new file mode 100644
index 000000000000..3da6cfd4ec75
--- /dev/null
+++ b/security/libpki/files/patch-global-vars.in
@@ -0,0 +1,10 @@
+--- src/global-vars.in.orig 2021-01-16 01:14:34.000000000 +0100
++++ src/global-vars.in 2021-08-25 14:58:51.219021000 +0200
+@@ -20,6 +20,7 @@
+ DEST_SBINDIR = $(DESTDIR)@sbindir@
+ DEST_BINDIR = $(DESTDIR)@bindir@
+ DEST_LIBDIR = $(DESTDIR)@libdir@
++DEST_DATADIR = @datarootdir@
+ DEST_DATADIR = @datadir@
+ DEST_INFODIR = @infodir@
+ DEST_MANDIR = @mandir@
diff --git a/security/libpki/files/patch-pki_config.c b/security/libpki/files/patch-pki_config.c
new file mode 100644
index 000000000000..26c465266ff0
--- /dev/null
+++ b/security/libpki/files/patch-pki_config.c
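Review bot: In security/libpki/files/patch-global-vars.in the added `DEST_DATADIR = @datarootdir@` is immediately overwritten by the unchanged `DEST_DATADIR = @datadir@` on the next line, so the new assignment never takes effect as a variable. If the intent is only to have `@datarootdir@` substituted for newer autoconf, a separate line such as `datarootdir = @datarootdir@` says so without a dead duplicate; how the rest of global-vars.in uses these variables is not visible here. The same line is added in security/openca-ocspd/files/patch-global-vars.in. Both port Makefiles describe this patch as adding `localrootdir`, a name that appears in neither patch.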
@@ -0,0 +1,11 @@
+--- src/pki_config.c.orig 2021-01-16 00:14:34 UTC
++++ src/pki_config.c
+@@ -83,7 +83,7 @@ static char * _xml_search_namespace_add ( char *search
+ PKI_Free( my_arg );
+
+ ret = PKI_Malloc ( strlen( my_search ) + 1);
+- strncpy( ret, my_search, strlen(my_search) );
++ strcpy( ret, my_search );
+
+ PKI_Free ( my_search );
+ return( ret );
diff --git a/security/libpki/pkg-descr b/security/libpki/pkg-descr
new file mode 100644
index 000000000000..340bf48e1d42
--- /dev/null
+++ b/security/libpki/pkg-descr
@@ -0,0 +1,5 @@
+OpenCA LibPKI provides an easy-to-use PKI library for PKI enabled application development.
+The library provides the developer with all the needed functionalities to manage certificates,
+from generation to validation.
+
+WWW: https://www.openca.org/projects/libpki
diff --git a/security/libpki/pkg-plist b/security/libpki/pkg-plist
new file mode 100644
index 000000000000..20d66225f94c
--- /dev/null
+++ b/security/libpki/pkg-plist
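Review bot: In patch-pki_config.c, `ret` from `PKI_Malloc` is written by the new `strcpy( ret, my_search );` with no NULL check in between, so an allocation failure in `_xml_search_namespace_add` becomes a write through a NULL pointer. The buffer is sized `strlen( my_search ) + 1`, so the copy fits and, unlike the removed `strncpy` with a length of `strlen(my_search)`, it writes the terminator; the missing piece is a guard before the copy, `if ( ret == NULL ) { PKI_Free( my_search ); return NULL; }`. Whether callers cope with a NULL return cannot be seen here, because the function starts and ends outside the hunk.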
@@ -0,0 +1,189 @@
+bin/libpki-config
+bin/pki-cert
+bin/pki-crl
+bin/pki-derenc
+bin/pki-query
+bin/pki-request
+bin/pki-siginfo
+bin/pki-tool
+bin/pki-xpair
+bin/url-tool
+etc/libpki/hsm.d/eracom-sdk.xml.sample
+etc/libpki/hsm.d/etoken-engine.xml.sample
+etc/libpki/hsm.d/etoken-pkcs11.xml.sample
+etc/libpki/hsm.d/etoken.xml.sample
+etc/libpki/hsm.d/opencryptoki.xml.sample
+etc/libpki/hsm.d/tpm.xml.sample
+etc/libpki/objectIdentifiers.xml.sample
+etc/libpki/profile.d/crl.xml.sample
+etc/libpki/profile.d/server.xml.sample
+etc/libpki/profile.d/test.xml.sample
+etc/libpki/profile.d/user.xml.sample
+etc/libpki/store.d/empty.xml.sample
+etc/libpki/token.d/default.xml.sample
+etc/libpki/token.d/eracom.xml.sample
+etc/libpki/token.d/etoken-engine.xml.sample
+etc/libpki/token.d/etoken.xml.sample
+etc/libpki/token.d/opencryptoki.xml.sample
+etc/libpki/token.d/software.xml.sample
+etc/libpki/token.d/test.xml.sample
+etc/libpki/token.d/tpm.xml.sample
+etc/pki.conf.sample
+@comment include/internal/ossl_1_0_x/cms_lcl.h
+@comment include/internal/ossl_1_1_0/cms_lcl.h
+@comment include/internal/ossl_1_1_0/ocsp_lcl.h
+@comment include/internal/ossl_1_1_0/x509_int.h
+@comment include/internal/ossl_1_1_0/x509_lcl.h
+@comment include/internal/ossl_1_1_1/cms_lcl.h
+@comment include/internal/ossl_1_1_1/ocsp_lcl.h
+@comment include/internal/ossl_1_1_1/refcount.h
+@comment include/internal/ossl_1_1_1/x509_int.h
+@comment include/internal/ossl_1_1_1/x509_lcl.h
+include/libpki/banners.h
+include/libpki/cmc.h
+include/libpki/cmc/cmc_cert_req.h
+include/libpki/compat.h
+include/libpki/config.h
+include/libpki/crypto.h
+include/libpki/datatypes.h
+include/libpki/drivers/engine/data_st.h
+include/libpki/drivers/engine/engine_hsm.h
+include/libpki/drivers/engine/engine_hsm_obj.h
+include/libpki/drivers/engine/engine_hsm_pkey.h
+include/libpki/drivers/engine/engine_st.h
+include/libpki/drivers/hsm_keypair.h
+include/libpki/drivers/hsm_main.h
+include/libpki/drivers/hsm_slot.h
+include/libpki/drivers/kmf/data_st.h
+include/libpki/drivers/kmf/kmf_hsm.h
+include/libpki/drivers/kmf/kmf_hsm_engine.h
+include/libpki/drivers/kmf/kmf_hsm_pkey.h
+include/libpki/drivers/kmf/kmf_hsm_sign.h
+include/libpki/drivers/kmf/pki_kmflib.h
+include/libpki/drivers/openssl/data_st.h
+include/libpki/drivers/openssl/openssl_hsm.h
+include/libpki/drivers/openssl/openssl_hsm_cb.h
+include/libpki/drivers/openssl/openssl_hsm_obj.h
+include/libpki/drivers/openssl/openssl_hsm_pkey.h
+include/libpki/drivers/pkcs11/pkcs11_hsm.h
+include/libpki/drivers/pkcs11/pkcs11_hsm_obj.h
+include/libpki/drivers/pkcs11/pkcs11_hsm_pkey.h
+include/libpki/drivers/pkcs11/pkcs11_utils.h
+include/libpki/drivers/pkcs11/rsa/cryptoki.h
+include/libpki/drivers/pkcs11/rsa/pkcs11.h
+include/libpki/drivers/pkcs11/rsa/pkcs11_func.h
+include/libpki/drivers/pkcs11/rsa/pkcs11f.h
+include/libpki/drivers/pkcs11/rsa/pkcs11t.h
+include/libpki/errors-new.h
+include/libpki/errors.h
+include/libpki/est/est.h
+include/libpki/est/pki_x509_est_asn1.h
+include/libpki/est/pki_x509_est_attrs.h
+include/libpki/est/pki_x509_est_data.h
+include/libpki/est/pki_x509_est_msg.h
+include/libpki/extensions.h
+include/libpki/hsm_st.h
+include/libpki/io/pki_keypair_io.h
+include/libpki/io/pki_msg_req_io.h
+include/libpki/io/pki_msg_resp_io.h
+include/libpki/io/pki_ocsp_req_io.h
+include/libpki/io/pki_ocsp_resp_io.h
+include/libpki/io/pki_x509_cert_io.h
+include/libpki/io/pki_x509_cms_io.h
+include/libpki/io/pki_x509_crl_io.h
+include/libpki/io/pki_x509_io.h
+include/libpki/io/pki_x509_p12_io.h
+include/libpki/io/pki_x509_pkcs7_io.h
+include/libpki/io/pki_x509_req_io.h
+include/libpki/io/pki_x509_xpair_io.h
+include/libpki/libpkiv.h
+include/libpki/net/dns.h
+include/libpki/net/http_s.h
+include/libpki/net/ldap.h
+include/libpki/net/pkcs11.h
+include/libpki/net/pki_mysql.h
+include/libpki/net/pki_pg.h
+include/libpki/net/pki_socket.h
+include/libpki/net/sock.h
+include/libpki/net/ssl.h
+include/libpki/net/url.h
+include/libpki/openssl/data_st.h
+include/libpki/openssl/pthread_init.h
+include/libpki/os.h
+include/libpki/pki.h
+include/libpki/pki_algor.h
+include/libpki/pki_conf.h
+include/libpki/pki_config.h
+include/libpki/pki_cred.h
+include/libpki/pki_digest.h
+include/libpki/pki_err.h
+include/libpki/pki_hmac.h
+include/libpki/pki_id.h
+include/libpki/pki_id_info.h
+include/libpki/pki_init.h
+include/libpki/pki_integer.h
+include/libpki/pki_io.h
+include/libpki/pki_keypair.h
+include/libpki/pki_keyparams.h
+include/libpki/pki_log.h
+include/libpki/pki_mem.h
+include/libpki/pki_msg.h
+include/libpki/pki_msg_req.h
+include/libpki/pki_msg_resp.h
+include/libpki/pki_ocsp_req.h
+include/libpki/pki_ocsp_resp.h
+include/libpki/pki_oid.h
+include/libpki/pki_string.h
+include/libpki/pki_threads.h
+include/libpki/pki_threads_vars.h
+include/libpki/pki_time.h
+include/libpki/pki_x509.h
+include/libpki/pki_x509_attribute.h
+include/libpki/pki_x509_cert.h
+include/libpki/pki_x509_cert_mem.h
+include/libpki/pki_x509_cms.h
+include/libpki/pki_x509_crl.h
+include/libpki/pki_x509_data_st.h
+include/libpki/pki_x509_extension.h
+include/libpki/pki_x509_mem.h
+include/libpki/pki_x509_mime.h
+include/libpki/pki_x509_name.h
+include/libpki/pki_x509_p12.h
+include/libpki/pki_x509_pkcs7.h
+include/libpki/pki_x509_profile.h
+include/libpki/pki_x509_req.h
+include/libpki/pki_x509_signature.h
+include/libpki/pki_x509_xpair.h
+include/libpki/pki_x509_xpair_asn1.h
+include/libpki/profile.h
+include/libpki/prqp/http_client.h
+include/libpki/prqp/prqp.h
+include/libpki/prqp/prqp_asn1.h
+include/libpki/prqp/prqp_bio.h
+include/libpki/prqp/prqp_lib.h
+include/libpki/prqp/prqp_req_io.h
+include/libpki/prqp/prqp_resp_io.h
+include/libpki/prqp/prqp_srv.h
+include/libpki/prqp/prqp_stack.h
+include/libpki/scep/pki_x509_scep_asn1.h
+include/libpki/scep/pki_x509_scep_attrs.h
+include/libpki/scep/pki_x509_scep_data.h
+include/libpki/scep/pki_x509_scep_msg.h
+include/libpki/scep/scep.h
+include/libpki/stack.h
+include/libpki/support.h
+include/libpki/token.h
+include/libpki/token_data.h
+include/libpki/token_id.h
+include/libpki/token_st.h
+lib/libpki.a
+lib/libpki.so
+lib/libpki.so.91
+lib/libpki.so.91.91.3
+@comment libdata/ldconfig/libpki
+@comment share/libpki/README.data_structures
+@comment share/libpki/README.functions
+@comment share/libpki/doxygen-man.conf
+@comment share/libpki/doxygen-pdf.conf
+@comment share/libpki/doxygen.conf
+@comment share/libpki/pkginfo
diff --git a/security/openca-ocspd/Makefile b/security/openca-ocspd/Makefile
new file mode 100644
index 000000000000..51e5baf5900e
--- /dev/null
+++ b/security/openca-ocspd/Makefile
@@ -0,0 +1,43 @@
+# Created by Bruno Damour
+#
+
+PORTNAME= openca-ocspd
+DISTVERSION= 3.1.3-p20211023
+CATEGORIES= security
+DISTNAME= openca-ocspd-3.1.3-p20211023
+
+MAINTAINER= bruno@ruomad.net
+COMMENT= OpenCA OCSP responder
+
+LICENSE= APACHE20
+
+LIB_DEPENDS= libpki.so:security/libpki \
+ libxml2.so:textproc/libxml2
+
+USES= ssl autoreconf libtool shebangfix
+USE_GITHUB= yes
+GH_ACCOUNT= openca
+GH_TAGNAME= v3.1.2-13-ga779a5e
+SHEBANG_FILES= etc/ocspd.in scripts/ocspd-genreq.sh.in test/test.sh
+
+# Add a rc script to start the OCSP daemon
+USE_RC_SUBR= ocspd
+
+# Provided patches fix :
+# - src/config.c and src/crl.c to fix calls PKI_* wrongly using -1 as
+# second argument (data format) instead of PKI_DATA_FORMAT_UNKNOWN
+# - src/global-vars.in to add localrootdir (new autoconf versions)
+# - configure.ac to detect the presence of socket.h :
+# hence the need to autoreconf
+PATCH_STRIP= -p0
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --with-libpki-prefix=${PREFIX}
+
+# Rename installed configuration files to samples
+post-stage:
+ for f in $$(find ${STAGEDIR}${PREFIX}/etc/ocspd -type f); do \
+ ${MV} $$f $$f.sample; \
+ done
+
+.include
diff --git a/security/openca-ocspd/distinfo b/security/openca-ocspd/distinfo
new file mode 100644
index 000000000000..7402d3b2b1bf
--- /dev/null
+++ b/security/openca-ocspd/distinfo
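Review bot: In security/openca-ocspd/Makefile, `CONFIGURE_ARGS= --with-libpki-prefix=${PREFIX}` points configure at the prefix this port installs into, but libpki is a dependency (`libpki.so:security/libpki`) and is located under `${LOCALBASE}`; the two differ whenever a non-default PREFIX is used. `--with-libpki-prefix=${LOCALBASE}` would match how security/libpki passes `--with-xml2-prefix=${LOCALBASE}`. The "Provided patches fix" comment lists config.c, crl.c, global-vars.in and configure.ac but not the patch-core.c and patch-includes_general.h files this commit also adds; a line for each would keep the patch inventory complete.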
@@ -0,0 +1,3 @@
+TIMESTAMP = 1634990265
+SHA256 (openca-openca-ocspd-3.1.3-p20211023-v3.1.2-13-ga779a5e_GH0.tar.gz) = 42964c883a8f53c7b2fe403edbe32e9f3b2111fec72fce6726e660671b01c8b6
+SIZE (openca-openca-ocspd-3.1.3-p20211023-v3.1.2-13-ga779a5e_GH0.tar.gz) = 594630
diff --git a/security/openca-ocspd/files/ocspd.in b/security/openca-ocspd/files/ocspd.in
new file mode 100755
index 000000000000..dc813fc1fe86
--- /dev/null
+++ b/security/openca-ocspd/files/ocspd.in
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# PROVIDE: ocspd
+# REQUIRE: NETWORK
+
+. /etc/rc.subr
+
+name=ocspd
+rcvar=ocspd_enable
+
+pidfile="/var/run/${name}.pid"
+
+command="%%PREFIX%%/sbin/ocspd"
+command_args="-c %%PREFIX%%/etc/ocspd/ocspd.xml -d -v"
+
+load_rc_config ${name}
+: ${ocspd_enable:=no}
+: ${ocspd_msg="Nothing started."}
+
+
+run_rc_command "$1"
diff --git a/security/openca-ocspd/files/patch-config.c b/security/openca-ocspd/files/patch-config.c
new file mode 100644
index 000000000000..2e01372f0b5b
--- /dev/null
+++ b/security/openca-ocspd/files/patch-config.c
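Review bot: files/ocspd.in starts `%%PREFIX%%/sbin/ocspd` without a default for `ocspd_user`, so unless the daemon drops privileges on its own through ocspd.xml (not visible in this commit) the responder and its signing key handling run as root; a default such as `: ${ocspd_user:=<unprivileged account>}` after `load_rc_config` would make the intended account explicit. `pidfile="/var/run/${name}.pid"` is fixed while the port's pkg-plist creates `var/run` under the prefix, so it is worth confirming the daemon writes its PID where rc.subr looks, otherwise `stop` and `status` will not find the process. `ocspd_msg` is assigned but never used, and `-d -v` are hard-coded in `command_args` rather than left overridable through `ocspd_flags`.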
@@ -0,0 +1,47 @@
+--- src/ocspd/config.c.orig 2020-01-08 19:28:11 UTC
++++ src/ocspd/config.c
+@@ -487,7 +487,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
+ subTmp_s = NULL;
+
+ // Retrieves the CA cert
+- if ((tmp_cert = PKI_X509_CERT_get_url(tmp_url, -1, NULL, NULL ))== NULL)
++ if ((tmp_cert = PKI_X509_CERT_get_url(tmp_url, PKI_DATA_FORMAT_UNKNOWN, NULL, NULL ))== NULL)
+ {
+ // Error, can not get the CA certificate from the
+ // provided URL in the configuration
+@@ -524,7 +524,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
+ }
+
+ // Parses and get the stack of X509_CERT from the PKI_MEM data
+- if ((cc_sk = PKI_X509_CERT_STACK_get_mem(mm, -1, NULL)) == NULL) {
++ if ((cc_sk = PKI_X509_CERT_STACK_get_mem(mm, PKI_DATA_FORMAT_UNKNOWN, NULL)) == NULL) {
+
+ // Error, can not get the stack of certs from the CA cert value
+ PKI_log_err("Can not parse cert from /caConfig/caCertValue [CA: %s]",
+@@ -745,7 +745,7 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
+ else
+ {
+ // The Server's cert URL is found, let's load the certificate
+- if ((tmp_cert = PKI_X509_CERT_get(tmp_s, -1, NULL, NULL)) == NULL) {
++ if ((tmp_cert = PKI_X509_CERT_get(tmp_s, PKI_DATA_FORMAT_UNKNOWN, NULL, NULL)) == NULL) {
+
+ // Error, can not get the certificate from the URL
+ PKI_log_err("Can not get server's cert [CA: %s, URL: %s]",
+@@ -857,7 +857,7 @@ int OCSPD_load_crl ( CA_LIST_ENTRY *ca, OCSPD_CONFIG *
+
+ // Load the new CRL
+ if (( ca->crl = PKI_X509_CRL_get_url(ca->crl_url,
+- -1, NULL, NULL )) == NULL) {
++ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL )) == NULL) {
+
+ // Error, can not get the CRL from the URL
+ PKI_log_err("Failed loading CRL for [CA: %s, URL: %s]",
+@@ -946,7 +946,7 @@ int ocspd_reload_all_ca ( OCSPD_CONFIG *conf ) {
+
+ // Get the CA certificate
+ if ((ca->ca_cert = PKI_X509_CERT_get_url(ca->ca_url,
+- -1, NULL, NULL )) == NULL) {
++ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL )) == NULL) {
+
+ // Can not get the CA Cert from the URL
+ PKI_log_err("Can not load CA cert [CA: %s, URL: %s]",
diff --git a/security/openca-ocspd/files/patch-configure.ac b/security/openca-ocspd/files/patch-configure.ac
new file mode 100644
index 000000000000..55f26b945a2a
--- /dev/null
+++ b/security/openca-ocspd/files/patch-configure.ac
@@ -0,0 +1,11 @@
+--- configure.ac.orig 2020-01-08 20:28:11.000000000 +0100
++++ configure.ac 2021-08-25 14:58:50.324390000 +0200
+@@ -147,7 +147,7 @@
+ dnl Checks for programs.
+ dnl AC_CONFIG_HEADERS
+ AC_STDC_HEADERS
+-AC_HAVE_HEADERS(string.h stdio.h stdlib.h fcntl.h sys/file.h sys/param.h sys/sem.h sys/ipc.h)
++AC_HAVE_HEADERS(string.h stdio.h stdlib.h fcntl.h sys/file.h sys/param.h sys/sem.h sys/ipc.h sys/socket.h)
+
+ AC_CONFIG_HEADERS(src/ocspd/includes/config.h)
+
diff --git a/security/openca-ocspd/files/patch-core.c b/security/openca-ocspd/files/patch-core.c
new file mode 100644
index 000000000000..fd04668dad62
--- /dev/null
+++ b/security/openca-ocspd/files/patch-core.c
@@ -0,0 +1,46 @@
+--- src/ocspd/core.c.orig 2021-10-23 13:37:33.148289000 +0200
++++ src/ocspd/core.c 2021-10-23 13:49:04.412933000 +0200
+@@ -52,13 +52,15 @@
+ }
+
+ rv = PKI_TOKEN_check(ocspd_conf->token);
+- if (rv & (PKI_TOKEN_STATUS_KEYPAIR_ERR |
+- PKI_TOKEN_STATUS_CERT_ERR |
+- PKI_TOKEN_STATUS_CACERT_ERR))
++ if (rv & (PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR |
++ PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR |
++ PKI_TOKEN_STATUS_CERT_MISSING_ERR |
++ PKI_TOKEN_STATUS_CACERT_MISSING_ERR))
+ {
+- if (rv & PKI_TOKEN_STATUS_KEYPAIR_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
+- if (rv & PKI_TOKEN_STATUS_CERT_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL);
+- if (rv & PKI_TOKEN_STATUS_CACERT_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL);
++ if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
++ if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
++ if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL);
++ if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL);
+
+ PKI_log_err("Token Configuration Fatal Error (%d)", rv);
+ exit(rv);
+@@ -101,13 +103,15 @@
+ }
+
+ rv = PKI_TOKEN_check(ca->token);
+- if ( rv & (PKI_TOKEN_STATUS_KEYPAIR_ERR |
+- PKI_TOKEN_STATUS_CERT_ERR |
+- PKI_TOKEN_STATUS_CACERT_ERR))
++ if ( rv & (PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR |
++ PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR |
++ PKI_TOKEN_STATUS_CERT_MISSING_ERR |
++ PKI_TOKEN_STATUS_CACERT_MISSING_ERR))
+ {
+- if (rv & PKI_TOKEN_STATUS_KEYPAIR_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_ERR, NULL);
+- if (rv & PKI_TOKEN_STATUS_CERT_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CERT_ERR, NULL);
+- if (rv & PKI_TOKEN_STATUS_CACERT_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CACERT_ERR, NULL);
++ if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR, NULL);
++ if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR, NULL);
++ if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CERT_MISSING_ERR, NULL);
++ if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_TOKEN_STATUS_CACERT_MISSING_ERR, NULL);
+
+ PKI_log_err ( "Token Configuration Fatal Error (%d) for ca %s", rv, ca->ca_id);
+ exit(rv);
diff --git a/security/openca-ocspd/files/patch-crl.c b/security/openca-ocspd/files/patch-crl.c
new file mode 100644
index 000000000000..8d7622810feb
--- /dev/null
+++ b/security/openca-ocspd/files/patch-crl.c
@@ -0,0 +1,11 @@
+--- src/ocspd/crl.c.orig 2020-01-08 19:28:11 UTC
++++ src/ocspd/crl.c
+@@ -49,7 +49,7 @@ int ocspd_load_ca_crl(CA_LIST_ENTRY *caEntry, OCSPD_CO
+
+ // We now re-load the CRL
+ if( (caEntry->crl = PKI_X509_CRL_get_url(caEntry->crl_url,
+- -1, NULL, NULL)) == NULL ) {
++ PKI_DATA_FORMAT_UNKNOWN, NULL, NULL)) == NULL ) {
+ PKI_log_err("Can not reload CRL [CA: %s, URL: %s]",
+ caEntry->ca_id, caEntry->crl_url->url_s);
+ PKI_RWLOCK_release_write(&conf->crl_lock);
diff --git a/security/openca-ocspd/files/patch-global-vars.in b/security/openca-ocspd/files/patch-global-vars.in
new file mode 100644
index 000000000000..ece98ae81142
--- /dev/null
+++ b/security/openca-ocspd/files/patch-global-vars.in
@@ -0,0 +1,10 @@
+--- src/global-vars.in.orig 2020-01-08 19:28:11 UTC
++++ src/global-vars.in
+@@ -12,6 +12,7 @@ doc_prefix = $(DESTDIR)${datadir}/openca-prqpd
+ DEST_SBINDIR = $(DESTDIR)@sbindir@
+ DEST_BINDIR = $(DESTDIR)@bindir@
+ DEST_LIBDIR = $(DESTDIR)@libdir@
++DEST_DATADIR = @datarootdir@
+ DEST_DATADIR = @datadir@
+ DEST_INFODIR = @infodir@
+ DEST_MANDIR = @mandir@
diff --git a/security/openca-ocspd/files/patch-includes_general.h b/security/openca-ocspd/files/patch-includes_general.h
new file mode 100644
index 000000000000..1fe5daa39abd
--- /dev/null
+++ b/security/openca-ocspd/files/patch-includes_general.h
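Review bot: In the second hunk of patch-core.c (the `ca->token` check) the new lines pass the token status bits themselves to `PKI_ERROR`, for example `PKI_ERROR(PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR, NULL)`, whereas the first hunk maps the same bits to the `PKI_ERR_TOKEN_*_LOAD` codes. The removed lines had the same mix-up, so the patch carries it forward; assuming `PKI_ERROR` expects an error code rather than a status flag, a per-CA token failure would be reported with the wrong message. Using the codes from the first hunk keeps the two checks consistent. Separately, `exit(rv)` in both hunks hands a bitmask to the caller, where only the low 8 bits survive, so a fixed non-zero status would be safer if any of these flags sits above bit 7 (their values are not visible here). Both enclosing functions start and end outside the hunks.

```c
	/* … unchanged: rv = PKI_TOKEN_check(ca->token) and the status mask … */
	if (rv & PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
	if (rv & PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_KEYPAIR_LOAD, NULL);
	if (rv & PKI_TOKEN_STATUS_CERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CERT_LOAD, NULL);
	if (rv & PKI_TOKEN_STATUS_CACERT_MISSING_ERR) PKI_ERROR(PKI_ERR_TOKEN_CACERT_LOAD, NULL);
	/* … unchanged: PKI_log_err and exit … */
```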
@@ -0,0 +1,11 @@
+--- src/ocspd/includes/general.h.orig 2020-01-08 19:28:11 UTC
++++ src/ocspd/includes/general.h
+@@ -15,6 +15,8 @@
+ # define ATTRIBUTE_NO_SANITIZE_ADDRESS
+ #endif
+
++#include "config.h"
++
+ #include
+ #include
+
diff --git a/security/openca-ocspd/pkg-descr b/security/openca-ocspd/pkg-descr
new file mode 100644
index 000000000000..b00121b12c47
--- /dev/null
+++ b/security/openca-ocspd/pkg-descr
@@ -0,0 +1,6 @@
+OpenCA OCSP Responder is an rfc2560 compliant OCSPD responder.
+The server is a stand-alone application and can be integrated into many different PKI solutions
+as it does not depend on specific database scheme.
+Furthermore it can be used as a responder for multiple CAs.
+
+WWW: https://www.openca.org/projects/ocspd
diff --git a/security/openca-ocspd/pkg-plist b/security/openca-ocspd/pkg-plist
new file mode 100644
index 000000000000..9f1b2eaea61b
--- /dev/null
+++ b/security/openca-ocspd/pkg-plist
@@ -0,0 +1,20 @@
+bin/ocspd-genreq.sh
+@comment bin/test.sh
+@comment etc/init.d/ocspd
+etc/ocspd/ocspd.xml.sample
+etc/ocspd/pki/token.d/etoken.xml.sample
+etc/ocspd/pki/token.d/software.xml.sample
+etc/ocspd/pki/token.d/eracom.xml.sample
+etc/ocspd/ca.d/collegeca.xml.sample
+etc/ocspd/ca.d/self-certs.xml.sample
+libdata/pkgconfig/openca-ocspd.pc
+sbin/ocspd
+share/man/man3/ocspd.3.gz
+share/man/man3/ocspd.conf.3.gz
+@dir etc/ocspd/ca.d
+@dir etc/ocspd/certs
+@dir etc/ocspd/crls
+@dir etc/ocspd/pki/hsm.d
+@dir etc/ocspd/pki/profile.d
+@dir etc/ocspd/private
+@dir var/run
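Review bot: In security/openca-ocspd/pkg-plist, `@dir etc/ocspd/private` is created with default ownership and mode, and the name suggests it is meant for the responder's private keys; the entry should carry explicit restrictive permissions, for example `@dir(root,wheel,0700) etc/ocspd/private`, with the owner adjusted to the account the daemon actually runs as. The configuration files are listed as plain `*.sample` entries, so nothing installs a live `ocspd.xml` at the path the rc script passes with `-c`; using the `@sample` keyword on those lines would install the working copy and preserve local edits across upgrades.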