Date: Sat, 25 Jan 2025 12:08:14 GMT From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: e4321009ba2e - main - security/mod_tls: Add new Apache httpd TLS module Message-ID: <202501251208.50PC8EAx029421@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=e4321009ba2e4d9cc753f88dea3769f46ae9321b commit e4321009ba2e4d9cc753f88dea3769f46ae9321b Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2025-01-25 12:06:17 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2025-01-25 12:06:17 +0000 security/mod_tls: Add new Apache httpd TLS module * This (experimental) module was part of www/apache24 up to 2.4.62 Differential Revision: https://reviews.freebsd.org/D48514 --- www/Makefile | 1 + www/mod_tls/Makefile | 39 +++++++++++++++++++++++++++++++++++ www/mod_tls/distinfo | 3 +++ www/mod_tls/files/001-mod_tls.conf.in | 21 +++++++++++++++++++ www/mod_tls/pkg-descr | 2 ++ www/mod_tls/pkg-message | 18 ++++++++++++++++ www/mod_tls/pkg-plist | 8 +++++++ 7 files changed, 92 insertions(+) diff --git a/www/Makefile b/www/Makefile index d7bcd6d80d7d..57eb56952c18 100644 --- a/www/Makefile +++ b/www/Makefile @@ -427,6 +427,7 @@ SUBDIR += mod_scgi SUBDIR += mod_security SUBDIR += mod_setenvifplus + SUBDIR += mod_tls SUBDIR += mod_umask SUBDIR += mod_webauth SUBDIR += mod_webkit diff --git a/www/mod_tls/Makefile b/www/mod_tls/Makefile new file mode 100644 index 000000000000..66fd64fc1032 --- /dev/null +++ b/www/mod_tls/Makefile @@ -0,0 +1,39 @@ +PORTNAME= mod_tls +PORTVERSION= 0.14.0 +CATEGORIES= www security +MASTER_SITES= https://github.com/icing/mod_tls/releases/download/v${DISTVERSION}/ +PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX} + +MAINTAINER= brnrd@FreeBSD.org +COMMENT= rustls based TLS for Apache httpd +WWW= https://github.com/icing/mod_tls + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= rustls-ffi==0.14.0:security/rustls-ffi +LIB_DEPENDS= librustls.so:security/rustls-ffi + +INSTALL_TARGET= install-strip + +USES= apache libtool +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --with-rustls=${LOCALBASE} + +MODULENAME= mod_tls + +SUB_FILES= 001-mod_tls.conf +PORTDOCS= README README.md + +OPTIONS_DEFINE= DOCS + +.include <bsd.port.pre.mk> + +post-install: + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/${APACHEMODDIR}/${MODULENAME}.so.0.0.0 + ${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d + ${INSTALL_DATA} ${WRKDIR}/001-mod_tls.conf \ + ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d/001-mod_tls.conf.sample + ${RM} ${STAGEDIR}${DOCSDIR}/LICENSE + +.include <bsd.port.post.mk> diff --git a/www/mod_tls/distinfo b/www/mod_tls/distinfo new file mode 100644 index 000000000000..d9c451c07181 --- /dev/null +++ b/www/mod_tls/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1730551891 +SHA256 (mod_tls-0.14.0.tar.gz) = 701db868a4fb2cd85b272e5defc2841dcc81eda2546bfa6fbf5c209774b4edcb +SIZE (mod_tls-0.14.0.tar.gz) = 563693 diff --git a/www/mod_tls/files/001-mod_tls.conf.in b/www/mod_tls/files/001-mod_tls.conf.in new file mode 100644 index 000000000000..3f2bd2b240b7 --- /dev/null +++ b/www/mod_tls/files/001-mod_tls.conf.in @@ -0,0 +1,21 @@ +# To enable, uncomment the LoadModule line + +# LoadModule tls_module %%APACHE_MODDIR%%/mod_tls.so + +<IfModule tls_module> + TLSEngine 443 + TLSStrictSNI on +</IfModule> + +# Switching from mod_ssl to mod_tls +# +# Replace the mod_ssl config +# +# SSLEngine on +# SSLCertificateFile file_with_certificate.pem +# SSLCertificateKeyFile file_with_key.pem +# +# with +# +# TLSEngine 443 +# TLSCertificate file_with_certificate.pem file_with_key.pem diff --git a/www/mod_tls/pkg-descr b/www/mod_tls/pkg-descr new file mode 100644 index 000000000000..c4767ff09d20 --- /dev/null +++ b/www/mod_tls/pkg-descr @@ -0,0 +1,2 @@ +A module for Apache httpd that uses rustls to provide a memory safe TLS +implementation in Rust. diff --git a/www/mod_tls/pkg-message b/www/mod_tls/pkg-message new file mode 100644 index 000000000000..41ad11adbc90 --- /dev/null +++ b/www/mod_tls/pkg-message @@ -0,0 +1,18 @@ +[ +{ type: install + message: <<EOM + +To enable mod_tls, uncomment the LoadModule line in +apache24/modules.d/001-mod_tls.conf + + LoadModule tls_module ${modDir}/mod_tls.so + +This module can co-exist with mod_ssl, it is your configuration that +uses one or the other. + +To switch from mod_ssl, check the documentation on +https://github.com/icing/mod_tls#configuration. + +EOM +} +] diff --git a/www/mod_tls/pkg-plist b/www/mod_tls/pkg-plist new file mode 100644 index 000000000000..98d22e927cf9 --- /dev/null +++ b/www/mod_tls/pkg-plist @@ -0,0 +1,8 @@ +@sample %%APACHEETCDIR%%/modules.d/001-mod_tls.conf.sample +lib/mod_tls.a +lib/%%AP_MODULE%% +lib/%%AP_MODULE%%.0 +lib/%%AP_MODULE%%.0.0.0 +%%APACHEMODDIR%%/%%AP_MODULE%% +%%APACHEMODDIR%%/%%AP_MODULE%%.0.0.0 +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202501251208.50PC8EAx029421>