Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 23 Dec 2013 10:59:56 +0000
From:      "Anton Yuzhaninov" <citrin-mail71@rambler.ru>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        lev@FreeBSD.org
Subject:   ports/185130: [PATCH] www/neon29: use root CA bundle
Message-ID:  <E1Vv3Er-0004Ip-6y@huan2.mail.rambler.ru>
Resent-Message-ID: <201312231110.rBNBA0BZ032507@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         185130
>Category:       ports
>Synopsis:       [PATCH] www/neon29: use root CA bundle
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 23 11:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Anton Yuzhaninov
>Release:        FreeBSD 10.0-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD hius.citrin.ru 10.0-PRERELEASE FreeBSD 10.0-PRERELEASE #10 r259719: Sun Dec 22 15:28:52 UTC
>Description:
It is important to validate server's certificate using root CA bundle.

Port maintainer (lev@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.99_11 (mode: change, diff: ports)
>How-To-Repeat:
>Fix:

--- neon29-0.29.6_4.patch begins here ---
diff -ruN /usr/ports//www/neon29/Makefile ./Makefile
--- /usr/ports//www/neon29/Makefile	2013-11-05 22:40:46.000000000 +0000
+++ ./Makefile	2013-12-23 10:53:01.000000000 +0000
@@ -13,14 +13,15 @@
 
 CONFLICTS=	neon2[^9]-[0-9]*
 
-OPTIONS_DEFINE=		OPENSSL NLS GSSAPI PROXY DOCS
-OPTIONS_DEFAULT=	EXPAT OPENSSL NLS GSSAPI
+OPTIONS_DEFINE=		CA_BUNDLE DOCS GSSAPI NLS OPENSSL PROXY
+OPTIONS_DEFAULT=	CA_BUNDLE EXPAT GSSAPI NLS OPENSSL
 OPTIONS_SINGLE=		XML
 OPTIONS_SINGLE_XML=	EXPAT LIBXML
 
-XML_DESC=		XML parser library
+CA_BUNDLE_DESC=		Install CA bundle for OpenSSL
 LIBXML_DESC=		libxml2 XML parser support
 PROXY_DESC=		libproxy support
+XML_DESC=		XML parser library
 
 USE_AUTOTOOLS=	libtool
 USE_LDCONFIG=	yes
@@ -31,8 +32,16 @@
 CONFIGURE_ARGS=	--enable-shared \
 		--with-libs=${LOCALBASE}:${PREFIX}
 
+CA_BUNDLE_CONFIGURE_ON=	--with-ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt
+CA_BUNDLE_RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
+
 .include <bsd.port.options.mk>
 
+.if ${PORT_OPTIONS:MCA_BUNDLE} && !${PORT_OPTIONS:MOPENSSL}
+WARNING+=	"OpenSSL need for CA bundle support"
+WARNING+=	"Enable the OPENSSL option or disable the CA_BUNDLE option"
+.endif
+
 .if ${PORT_OPTIONS:MEXPAT}
 CONFIGURE_ARGS+=--with-expat
 LIB_DEPENDS+=	expat.6:${PORTSDIR}/textproc/expat2
--- neon29-0.29.6_4.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Vv3Er-0004Ip-6y>