Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 10 Aug 2010 20:11:54 GMT
From:      Grzegorz Blach <magik@roorback.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/149509: Fix for TLS SNI in www/lighttpd
Message-ID:  <201008102011.o7AKBsv7033440@www.freebsd.org>
Resent-Message-ID: <201008102020.o7AKK2Xe044504@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         149509
>Category:       ports
>Synopsis:       Fix for TLS SNI in www/lighttpd
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 10 20:20:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Grzegorz Blach
>Release:        8.1-RELEASE amd64
>Organization:
>Environment:
FreeBSD silver.nine 8.1-RELEASE FreeBSD 8.1-RELEASE #13 r210273: Tue Jul 20 04:46:24 CEST 2010     root@silver.nine:/usr/obj/usr/src/sys/SILVER  amd64

>Description:
Ligttpd use TLS SNI if is linked against openssl 0.9.8f or higher.
In base FreeBSD 8.1 openssl is in v. 0.9.8n, but unfortunately without TLS SNI.

There two possible solutions:
1) link lighttpd with openssl from port (v.1.0.0a)
2) enable TLS SNI with openssl from base


I prepared patch for first solution (in attachment).


>How-To-Repeat:
Build lighttpd on 8.1, and try to use name based https configuration

More info at: http://redmine.lighttpd.net/issues/2207
>Fix:
Apply my patch for lighttpd and rebuild

Patch attached with submission follows:

diff -x .svn -ruN /var/cache/portshaker/ports/www/lighttpd/Makefile www/lighttpd/Makefile
--- /var/cache/portshaker/ports/www/lighttpd/Makefile	2010-08-03 21:09:14.000000000 +0200
+++ www/lighttpd/Makefile	2010-08-10 22:02:39.589228221 +0200
@@ -81,6 +81,7 @@
 
 .if !defined(WITHOUT_OPENSSL)
 .include "${PORTSDIR}/Mk/bsd.openssl.mk"
+WITH_OPENSSL_PORT=	yes
 CONFIGURE_ARGS+=	--with-openssl \
 			--with-openssl-includes=${OPENSSLINC} \
 			--with-openssl-libs=${OPENSSLLIB}


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201008102011.o7AKBsv7033440>