Date: Tue, 8 Mar 2016 20:19:07 +0000 (UTC) From: Christian Weisgerber <naddy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r410654 - in head/net/openntpd: . files Message-ID: <201603082019.u28KJ7c5007900@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: naddy Date: Tue Mar 8 20:19:07 2016 New Revision: 410654 URL: https://svnweb.freebsd.org/changeset/ports/410654 Log: * Reenable certificate validation through libressl (libressl 2.2.6 seems to be happy enough with the ca_root_nss 3.22.2 upgrade) * Avoid strptime %Z which is nonstandard and can give surprising results on different operating systems. (Same fix as upstream.) PR: 207685 Submitted by: mandree Added: head/net/openntpd/files/patch-src_constraint.c (contents, props changed) Modified: head/net/openntpd/Makefile Modified: head/net/openntpd/Makefile ============================================================================== --- head/net/openntpd/Makefile Tue Mar 8 20:11:27 2016 (r410653) +++ head/net/openntpd/Makefile Tue Mar 8 20:19:07 2016 (r410654) @@ -2,7 +2,7 @@ PORTNAME= openntpd PORTVERSION= 5.7p4 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 2 CATEGORIES= net MASTER_SITES= OPENBSD/OpenNTPD @@ -20,25 +20,26 @@ USE_RC_SUBR= openntpd GNU_CONFIGURE= yes CONFIGURE_ARGS= --disable-silent-rules -# XXX: -# * LibreSSL fails with the certificiate bundle from ca_root_nss. +# * LibreSSL fails with the certificiate bundle from ca_root_nss; +# 3.22.2 appears to work just fine (unlike 3.22). # * USE_OPENSSL does not handle LibreSSL yet. -# -#OPTIONS_DEFINE= RESSL -#RESSL_DESC= SSL/TLS support via LibreSSL -# -#OPTIONS_DEFAULT= RESSL -# -#RESSL_LIB_DEPENDS= libtls.so:${PORTSDIR}/security/libressl -#RESSL_CONFIGURE_WITH= cacert=${LOCALBASE}/etc/ssl/cert.pem -#RESSL_CPPFLAGS= -I${LOCALBASE}/include -#RESSL_LDFLAGS= -L${LOCALBASE}/lib + +OPTIONS_DEFINE= RESSL +RESSL_DESC= SSL/TLS support via LibreSSL + +OPTIONS_DEFAULT= RESSL + +RESSL_LIB_DEPENDS= libtls.so:${PORTSDIR}/security/libressl +RESSL_CONFIGURE_WITH= cacert=${LOCALBASE}/etc/ssl/cert.pem +RESSL_CPPFLAGS= -I${LOCALBASE}/include +RESSL_LDFLAGS= -L${LOCALBASE}/lib +RESSL_RUN_DEPENDS= ca_root_nss>=3.22.2:${PORTSDIR}/security/ca_root_nss pre-build: ${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' \ ${WRKSRC}/src/ntpd.conf.5 ${WRKSRC}/src/ntpd.8 post-install: - cd ${STAGEDIR}${PREFIX}/etc; ${MV} ntpd.conf ntpd.conf.sample + cd ${STAGEDIR}${PREFIX}/etc && ${MV} ntpd.conf ntpd.conf.sample .include <bsd.port.mk> Added: head/net/openntpd/files/patch-src_constraint.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/openntpd/files/patch-src_constraint.c Tue Mar 8 20:19:07 2016 (r410654) @@ -0,0 +1,11 @@ +--- src/constraint.c.orig 2015-03-14 21:24:11 UTC ++++ src/constraint.c +@@ -665,7 +665,7 @@ httpsdate_request(struct httpsdate *http + * or ANSI C's asctime() - the latter doesn't include + * the timezone which is required here. + */ +- if (strptime(p, "%a, %d %h %Y %T %Z", ++ if (strptime(p, "%a, %d %h %Y %T GMT", + &httpsdate->tls_tm) == NULL) { + log_warnx("unsupported date format"); + free(line);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603082019.u28KJ7c5007900>