While here pass all the dependencies via MAKE_ENV (this will - hopefully - avoid
further problem on platforms where openssl and libevent are not builtins).
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS
encrypted network connections. Connections are transparently
intercepted through a network address translation engine and
redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates
a new SSL/TLS connection to the original destination address, while
logging all data transmitted. SSLsplit is intended to be useful
for network forensics and penetration testing.
SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections
over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit
generates and signs forged X509v3 certificates on-the-fly, based
on the original server certificate subject DN and subjectAltName
extension. SSLsplit fully supports Server Name Indication (SNI)
and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE
cipher suites. Depending on the version of OpenSSL, SSLsplit
supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL
2.0 as well. SSLsplit can also use existing certificates of which
the private key is available, instead of generating forged ones.
SSLsplit supports NULL-prefix CN certificates and can deny OCSP
requests in a generic way. For HTTP and HTTPS connections, SSLsplit
removes response headers for HPKP in order to prevent public key
pinning, for HSTS to allow the user to accept untrusted certificates,
and Alternate Protocols to prevent switching to QUIC/SPDY.