From 7b787b5acb50d41f8285177c2c342f2a9f5d86d6 Mon Sep 17 00:00:00 2001
From: Mark Vainomaa
Date: Sat, 10 Nov 2018 22:47:53 +0200
Subject: [PATCH] LibreSSL does not work properly for me, trying good old OpenSSL
---
 pkgs/build-all.sh | 2 +-
 pkgs/libressl/build.sh | 29 ----------------------
 pkgs/openssl/build.sh | 41 +++++++++++++++++++++++++++++++
 pkgs/openssl/patches/ca-dir.patch | 31 +++++++++++++++++++++++
 4 files changed, 73 insertions(+), 30 deletions(-)
 delete mode 100755 pkgs/libressl/build.sh
 create mode 100755 pkgs/openssl/build.sh
 create mode 100644 pkgs/openssl/patches/ca-dir.patch
diff --git a/pkgs/build-all.sh b/pkgs/build-all.sh
index ded9c13..6328198 100755
--- a/pkgs/build-all.sh
+++ b/pkgs/build-all.sh
@@ -42,7 +42,7 @@ b mksh
 # Networking
 b zlib
-b libressl
+b openssl
 b curl
 # Init
diff --git a/pkgs/libressl/build.sh b/pkgs/libressl/build.sh
deleted file mode 100755
index 51d8e95..0000000
--- a/pkgs/libressl/build.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-pkgname="libressl"
-pkgver="2.8.2"
-
-src="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${pkgver}.tar.gz"
-
-prepare () {
- [ -f "${pkgname}-src.tar.gz" ] || curl -o "${pkgname}-src.tar.gz" "${src}"
- tar -C "${srcdir}" -xvf "${pkgname}-src.tar.gz"
-}
-
-build () {
- cd "${srcdir}/libressl-${pkgver}"
- mkdir build && cd build
-
- ../configure \
- --prefix=/usr \
- --with-openssldir=/etc/ssl
-
- make
-}
-
-package () {
- cd "${srcdir}/libressl-${pkgver}/build"
- make DESTDIR="${pkgdir}" install
-}
-
-. ../common.sh
diff --git a/pkgs/openssl/build.sh b/pkgs/openssl/build.sh
new file mode 100755
index 0000000..c4ed895
--- /dev/null
+++ b/pkgs/openssl/build.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+pkgname="openssl"
+pkgver="1.1.1"
+
+src="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz"
+
+prepare () {
+ [ -f "${pkgname}-src.tar.gz" ] || curl -o "${pkgname}-src.tar.gz" "${src}"
+ tar -C "${srcdir}" -xvf "${pkgname}-src.tar.gz"
+}
+
+build () {
+ cd "${srcdir}/openssl-${pkgver}"
+
+ for p in "${wd}"/patches/*.patch; do
+ patch -u -p0 < "${p}"
+ done
+
+ ./Configure \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ --libdir=lib \
+ shared no-ssl3-method enable-ec_nistp_64_gcc_128 linux-x86_64 \
+ no-async \
+ "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"
+
+ make depend
+ make
+}
+
+package () {
+ cd "${srcdir}/openssl-${pkgver}"
+ make \
+ DESTDIR="${pkgdir}" \
+ MANDIR=/usr/share/man \
+ MANSUFFIX=ssl \
+ install_sw install_ssldirs install_man_docs
+}
+
+. ../common.sh
diff --git a/pkgs/openssl/patches/ca-dir.patch b/pkgs/openssl/patches/ca-dir.patch
new file mode 100644
index 0000000..a140243
--- /dev/null
+++ b/pkgs/openssl/patches/ca-dir.patch
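Review bot: `prepare()` unpacks and builds whatever `curl` wrote to `${pkgname}-src.tar.gz` without comparing it to a pinned digest or the upstream signature, and because an existing file is reused, a truncated download or a saved HTTP error page persists across runs. Unless `../common.sh` (not visible here) already verifies sources, pin the digest next to `pkgver` as `sha256="EXPECTED_SHA256_PLACEHOLDER"`, fetch with `curl -fL -o "${pkgname}-src.tar.gz" "${src}"`, and put `echo "${sha256}  ${pkgname}-src.tar.gz" | sha256sum -c - || exit 1` before the `tar` line. The `patch -u -p0 < "${p}"` loop in `build()` also ignores a failed patch, so the build would carry on with the unpatched `./demoCA` defaults; appending `|| exit 1` there stops it.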
@@ -0,0 +1,31 @@
+--- apps/CA.pl.in 2018-09-11 14:48:19.000000000 +0200
++++ apps/CA.pl.in 2018-09-11 16:16:32.125629435 +0200
+@@ -33,7 +33,7 @@
+ my $PKCS12 = "$openssl pkcs12";
+
+ # default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/ssl";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+--- apps/openssl.cnf 2018-09-11 14:48:20.000000000 +0200
++++ apps/openssl.cnf 2018-09-11 16:16:32.125629435 +0200
+@@ -43,7 +43,7 @@
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/ssl # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
+@@ -327,7 +327,7 @@
+ [ tsa_config1 ]
+
+ # These are used by the TSA reply generation only.
+-dir = ./demoCA # TSA root directory
++dir = /etc/ssl # TSA root directory
+ serial = $dir/tsaserial # The current serial number (mandatory)
+ crypto_device = builtin # OpenSSL engine to use for signing
+ signer_cert = $dir/tsacert.pem # The TSA signing certificate
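Review bot: Setting `$CATOP` in apps/CA.pl.in and `dir` in `[ CA_default ]` and `[ tsa_config1 ]` to `/etc/ssl` makes the system configuration directory the default working tree for the CA and TSA tooling, so files such as `index.txt`, `tsaserial` and `tsacert.pem` are resolved there, and presumably created there, instead of in a throwaway `./demoCA`. The patch file carries no header recording that choice or its origin; a short preamble above the first `---` line, e.g. `Use /etc/ssl (matching --openssldir) as the default CA directory instead of ./demoCA.`, would document it. The private-key paths are outside these hunks, so it is worth confirming that the packaged `/etc/ssl` tree keeps any key subdirectory readable by root only.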