Bug 149509

Summary: Fix for TLS SNI in www/lighttpd
Product: Ports & Packages
Reporter: Grzegorz Blach <magik>
Component: Individual Port(s)
Assignee: Martin Matuska <mm>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Grzegorz Blach 2010-08-10 21:20:01 UTC
Lighttpd uses TLS SNI if it is linked against openssl 0.9.8f or higher.
In base FreeBSD 8.1 openssl is in v. 0.9.8n, but unfortunately without TLS SNI.

There are two possible solutions:
1) link lighttpd with openssl from port (v.1.0.0a)
2) enable TLS SNI with openssl from base


I prepared a patch for the first solution (in attachment).

Fix: Apply my patch for lighttpd and rebuild

Patch attached with submission follows:
How-To-Repeat: Build lighttpd on 8.1, and try to use name based https configuration

More info at: http://redmine.lighttpd.net/issues/2207
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-08-10 21:20:12 UTC
Responsible Changed
From-To: freebsd-ports-bugs->mm

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dirk.meyer 2010-08-10 21:51:01 UTC
Grzegorz Blach wrote:

>  .if !defined(WITHOUT_OPENSSL)
>  .include "${PORTSDIR}/Mk/bsd.openssl.mk"
> +WITH_OPENSSL_PORT=	yes
>  CONFIGURE_ARGS+=	--with-openssl \
>  			--with-openssl-includes=${OPENSSLINC} \
>  			--with-openssl-libs=${OPENSSLLIB}
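
Review bot: the added `WITH_OPENSSL_PORT= yes` comes one line after the `.include` of bsd.openssl.mk, so that file has already been processed by the time the variable is set; the assignment belongs above the `.include` line. It is also an unconditional assignment inside the port's `.if !defined(WITHOUT_OPENSSL)` block with no comment explaining why, so it applies regardless of what the builder configured; add a one-line comment naming the TLS SNI requirement, or leave the selection to the user.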

This does not have the desired effect.
WITH_OPENSSL_PORT needs to be set before including bsd.openssl.mk.

Your patch works only if the openssl port is already installed.

Using the sequence:

WITH_OPENSSL_PORT=   yes
.include "${PORTSDIR}/Mk/bsd.openssl.mk"

will force the lighttpd build with openssl from port.

I see some regressions in lighttpd,
as curl and fetch can no longer send post requests
with recent lighttpd over ssl, which might be related.

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]
Comment 3 Martin Matuska freebsd_committer freebsd_triage 2010-09-06 13:05:41 UTC
I am not experiencing the problems with fetch and curl as of today.

WITH_OPENSSL_PORT is user-selectable (/etc/make.conf) and should not be
enforced in the port.

Any more information on this or can I close this pr?
Comment 4 Martin Matuska freebsd_committer freebsd_triage 2010-11-22 15:38:02 UTC
State Changed
From-To: open->closed

Closed on inactivity timeout.