* Reenable certificate validation through libressl
(libressl 2.2.6 seems to be happy enough with the ca_root_nss 3.22.2 upgrade) * Avoid strptime %Z which is nonstandard and can give surprising results on different operating systems. (Same fix as upstream.) PR: 207685 Submitted by: mandree
This commit is contained in:
Christian Weisgerber
parent
88a26ec97b
commit
2bcd64c879
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=410654
2 changed files with 26 additions and 14 deletions
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
PORTNAME= openntpd
|
||||
PORTVERSION= 5.7p4
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 2
|
||||
PORTEPOCH= 2
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= OPENBSD/OpenNTPD
|
||||
|
|
@ -20,25 +20,26 @@ USE_RC_SUBR= openntpd
|
|||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --disable-silent-rules
|
||||
|
||||
# XXX:
|
||||
# * LibreSSL fails with the certificiate bundle from ca_root_nss.
|
||||
# * LibreSSL fails with the certificiate bundle from ca_root_nss;
|
||||
# 3.22.2 appears to work just fine (unlike 3.22).
|
||||
# * USE_OPENSSL does not handle LibreSSL yet.
|
||||
#
|
||||
#OPTIONS_DEFINE= RESSL
|
||||
#RESSL_DESC= SSL/TLS support via LibreSSL
|
||||
#
|
||||
#OPTIONS_DEFAULT= RESSL
|
||||
#
|
||||
#RESSL_LIB_DEPENDS= libtls.so:${PORTSDIR}/security/libressl
|
||||
#RESSL_CONFIGURE_WITH= cacert=${LOCALBASE}/etc/ssl/cert.pem
|
||||
#RESSL_CPPFLAGS= -I${LOCALBASE}/include
|
||||
#RESSL_LDFLAGS= -L${LOCALBASE}/lib
|
||||
|
||||
OPTIONS_DEFINE= RESSL
|
||||
RESSL_DESC= SSL/TLS support via LibreSSL
|
||||
|
||||
OPTIONS_DEFAULT= RESSL
|
||||
|
||||
RESSL_LIB_DEPENDS= libtls.so:${PORTSDIR}/security/libressl
|
||||
RESSL_CONFIGURE_WITH= cacert=${LOCALBASE}/etc/ssl/cert.pem
|
||||
RESSL_CPPFLAGS= -I${LOCALBASE}/include
|
||||
RESSL_LDFLAGS= -L${LOCALBASE}/lib
|
||||
RESSL_RUN_DEPENDS= ca_root_nss>=3.22.2:${PORTSDIR}/security/ca_root_nss
|
||||
|
||||
pre-build:
|
||||
${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' \
|
||||
${WRKSRC}/src/ntpd.conf.5 ${WRKSRC}/src/ntpd.8
|
||||
|
||||
post-install:
|
||||
cd ${STAGEDIR}${PREFIX}/etc; ${MV} ntpd.conf ntpd.conf.sample
|
||||
cd ${STAGEDIR}${PREFIX}/etc && ${MV} ntpd.conf ntpd.conf.sample
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
|
|
|||
11
net/openntpd/files/patch-src_constraint.c
Normal file
11
net/openntpd/files/patch-src_constraint.c
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
--- src/constraint.c.orig 2015-03-14 21:24:11 UTC
|
||||
+++ src/constraint.c
|
||||
@@ -665,7 +665,7 @@ httpsdate_request(struct httpsdate *http
|
||||
* or ANSI C's asctime() - the latter doesn't include
|
||||
* the timezone which is required here.
|
||||
*/
|
||||
- if (strptime(p, "%a, %d %h %Y %T %Z",
|
||||
+ if (strptime(p, "%a, %d %h %Y %T GMT",
|
||||
&httpsdate->tls_tm) == NULL) {
|
||||
log_warnx("unsupported date format");
|
||||
free(line);
|
||||
Loading…
Reference in a new issue