diff options
| author | Jean-Yves Lefort <jylefort@FreeBSD.org> | 2005-05-23 22:21:25 +0000 |
|---|---|---|
| committer | Jean-Yves Lefort <jylefort@FreeBSD.org> | 2005-05-23 22:21:25 +0000 |
| commit | 9e01a15a9e7a21c24d7218d9348be55257b501cd (patch) | |
| tree | bc94d035785acb4bf8d5af10a8b5a9ded60b9b52 /security | |
| parent | bf9a2be8e16be3ec91828db9152a641cdaf5f54d (diff) | |
| download | ports-9e01a15a9e7a21c24d7218d9348be55257b501cd.tar.gz ports-9e01a15a9e7a21c24d7218d9348be55257b501cd.zip | |
Notes
Diffstat (limited to 'security')
20 files changed, 585 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile index 8c5397a00a28..659ad5fa8180 100644 --- a/security/Makefile +++ b/security/Makefile @@ -236,6 +236,7 @@ SUBDIR += opencdk SUBDIR += opensc SUBDIR += opensc-esteid + SUBDIR += openscep SUBDIR += openssh SUBDIR += openssh-askpass SUBDIR += openssh-portable diff --git a/security/openscep/Makefile b/security/openscep/Makefile new file mode 100644 index 000000000000..02bbbbe71599 --- /dev/null +++ b/security/openscep/Makefile @@ -0,0 +1,73 @@ +# New ports collection makefile for: openscep +# Date created: May 19 2005 +# Whom: Vsevolod Stakhov +# +# $FreeBSD$ +# + +PORTNAME= openscep +PORTVERSION= 0.4.2 +CATEGORIES= security +MASTER_SITES= http://openscep.othello.ch/download/ + +MAINTAINER= vsevolod@highsecure.ru +COMMENT= Open source scep server + +USE_REINPLACE= yes +USE_OPENSSL= yes +USE_OPENLDAP= yes +USE_APACHE= yes +USE_LIBTOOL_VER=15 +USE_GMAKE= yes + +CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ + LIBS="-L${LOCALBASE}/lib" +CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} +CONFIGURE_ARGS= --with-html-install-dir="${PREFIX}/www/openscep" \ + --with-cgi-install-dir="${PREFIX}/www/cgi-bin/openscep" \ + --with-openscep-dir="${PREFIX}/etc/openscep" \ + --with-pkiclientexe="${PREFIX}/www/cgi-bin/pkiclient.exe" + +MAKE_ENV= CPPFLAGS="-I${LOCALBASE}/include" + +CONF_DIR= ${PREFIX}/etc/${PORTNAME} +CONF_FILES= openscep.cnf openscep.ldif openscep.schema slapd.conf + +SUB_FILES= pkg-deinstall pkg-install pkg-message +SUB_LIST= CONF_DIR="${CONF_DIR}" CONF_FILES="${CONF_FILES}" + +MAN1= derdump.1 \ + scep.1 \ + scepclient.1 \ + scepconf.1 \ + sceplist.1 \ + scepxid.1 +MAN5= openscep.cnf.5 +MAN8= cafingerprint.8 \ + createcrl.8 \ + crl2ldap.8 \ + dn2xid.8 \ + scepd.8 \ + scepgrant.8 \ + scepreject.8 \ + updatecrl.8 + +post-patch: + @${REINPLACE_CMD} -e '/^subdirs=/ s|libltdl||' ${WRKSRC}/configure + @${REINPLACE_CMD} -e '/^SUBDIRS =/ s|libltdl||' ${WRKSRC}/Makefile.in + @${REINPLACE_CMD} -e 's|^\(install-data-am:\) install-data-local$$|\1|' \ + ${WRKSRC}/ldap/Makefile.in ${WRKSRC}/openssl/Makefile.in + +post-install: + ${MKDIR} ${CONF_DIR} + ${INSTALL_DATA} ${WRKSRC}/openssl/openscep.cnf ${CONF_DIR}/openscep.cnf.default +.for f in openscep.ldif openscep.schema slapd.conf + ${INSTALL_DATA} ${WRKSRC}/ldap/${f} ${CONF_DIR}/${f}.default +.endfor + ${CHOWN} www:www ${PREFIX}/www/cgi-bin/openscep/* + ${CHOWN} www:www ${PREFIX}/www/cgi-bin/pkiclient.exe + ${CHOWN} www:www ${PREFIX}/etc/openscep/* + @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.mk> diff --git a/security/openscep/distinfo b/security/openscep/distinfo new file mode 100644 index 000000000000..ce0b7f404da7 --- /dev/null +++ b/security/openscep/distinfo @@ -0,0 +1,2 @@ +MD5 (openscep-0.4.2.tar.gz) = 484123dd1f02cc98b1a81ecb1f95aa59 +Size (openscep-0.4.2.tar.gz) = 416294 diff --git a/security/openscep/files/patch-include_openscep_err.h b/security/openscep/files/patch-include_openscep_err.h new file mode 100644 index 000000000000..6b003582d0f0 --- /dev/null +++ b/security/openscep/files/patch-include_openscep_err.h @@ -0,0 +1,36 @@ +--- include/openscep_err.h.orig Thu May 19 16:26:46 2005 ++++ include/openscep_err.h Thu May 19 16:26:46 2005 +@@ -0,0 +1,33 @@ ++#ifndef HEADER_OPENSCEP_ERR_H ++#define HEADER_OPENSCEP_ERR_H ++ ++#if OPENSSL_VERSION_NUMBER < 0x00907000L ++/* ERR_unload_strings was added in 0.9.7. with older versions, it's ++ redefined as a no-op here so the auto-generated code in ++ openscep_err.c doesn't need to be changed. */ ++#define ERR_unload_strings(A,B) do{}while(0) ++#endif ++ ++/* BEGIN ERROR CODES */ ++/* The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++void ERR_load_OPENSCEP_strings(void); ++void ERR_unload_OPENSCEP_strings(void); ++void ERR_OPENSCEP_error(int function, int reason, char *file, int line); ++#define OPENSCEPerr(f,r) ERR_OPENSCEP_error((f),(r),__FILE__,__LINE__) ++ ++/* Error codes for the OPENSCEP functions. */ ++ ++/* Function codes. */ ++#define OPENSCEP_F_D2I_ISSUER_AND_SUBJECT 100 ++#define OPENSCEP_F_D2I_PAYLOAD 101 ++#define OPENSCEP_F_ISSUER_AND_SUBJECT_NEW 102 ++#define OPENSCEP_F_PAYLOAD_NEW 103 ++ ++/* Reason codes. */ ++ ++#ifdef __cplusplus ++} ++#endif ++#endif diff --git a/security/openscep/files/patch-lib_Makefile.in b/security/openscep/files/patch-lib_Makefile.in new file mode 100644 index 000000000000..e65904cf12a2 --- /dev/null +++ b/security/openscep/files/patch-lib_Makefile.in @@ -0,0 +1,37 @@ +--- lib/Makefile.in.orig Tue Feb 26 02:11:39 2002 ++++ lib/Makefile.in Thu May 19 16:35:38 2005 +@@ -115,14 +115,13 @@ + + LDADD = libscep.la + LDFLAGS = -R$(libdir) $(LIBS) +-CPPFLAGS = -DOPENSCEPDIR=\"$(OPENSCEPDIR)\" ++CPPFLAGS += -DOPENSCEPDIR=\"$(OPENSCEPDIR)\" + + VERSION_FILE = openscep_vers.c + + libscep_la_LDFLAGS = -version-info `../shtool version -d libtool $(VERSION_FILE)` + +-libscep_la_SOURCES = init.c isasu.c decode.c sigattr.c pkcsreq.c certrep.c getcertinitial.c getcert.c getcrl.c badreply.c attr.c goodreply.c encode.c check.c grant.c scepldap.c fingerprint.c openscep_vers.c selfsigned.c createreq.c http.c iser.c proxy.c payload.c v2request.c transcheck.c pending.c spki2file.c +- ++libscep_la_SOURCES = init.c isasu.c decode.c sigattr.c pkcsreq.c certrep.c getcertinitial.c getcert.c getcrl.c badreply.c attr.c goodreply.c encode.c check.c grant.c scepldap.c fingerprint.c openscep_vers.c selfsigned.c createreq.c http.c iser.c proxy.c payload.c v2request.c transcheck.c pending.c spki2file.c openscep_err.c + + INCLUDES = $(INCLTDL) -I$(top_srcdir)/include -I$(OPENSSLDIR)/include + mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +@@ -138,7 +137,8 @@ + certrep.lo getcertinitial.lo getcert.lo getcrl.lo badreply.lo attr.lo \ + goodreply.lo encode.lo check.lo grant.lo scepldap.lo fingerprint.lo \ + openscep_vers.lo selfsigned.lo createreq.lo http.lo iser.lo proxy.lo \ +-payload.lo v2request.lo transcheck.lo pending.lo spki2file.lo ++payload.lo v2request.lo transcheck.lo pending.lo spki2file.lo \ ++openscep_err.lo + CFLAGS = @CFLAGS@ + COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) + LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +@@ -364,6 +364,7 @@ + ../include/scep.h ../include/isasu.h ../include/payload.h \ + ../include/transcheck.h ../include/pending.h \ + ../include/goodreply.h ../include/badreply.h ../include/init.h ++openscep_err.lo openscep_err.o : openscep_err.c ../include/openscep_err.h + + info-am: + info: info-am diff --git a/security/openscep/files/patch-lib_decode.c b/security/openscep/files/patch-lib_decode.c new file mode 100644 index 000000000000..e06c58fed984 --- /dev/null +++ b/security/openscep/files/patch-lib_decode.c @@ -0,0 +1,10 @@ +--- lib/decode.c.orig Tue Feb 26 02:01:06 2002 ++++ lib/decode.c Thu May 19 16:23:01 2005 +@@ -58,6 +58,7 @@ + __LINE__, (scep->client) ? "reply" : "request"); + + /* convert from base64 to internal representation */ ++ BIO_set_mem_eof_return(bio, 0); + if (msg->base64) { + if (debug) + BIO_printf(bio_err, "%s:%d: prepending Base64 " diff --git a/security/openscep/files/patch-lib_http.c b/security/openscep/files/patch-lib_http.c new file mode 100644 index 000000000000..57cd8f999c36 --- /dev/null +++ b/security/openscep/files/patch-lib_http.c @@ -0,0 +1,10 @@ +--- lib/http.c.orig Thu May 19 16:37:26 2005 ++++ lib/http.c Thu May 19 16:38:42 2005 +@@ -19,6 +19,7 @@ + #include <string.h> + #include <openssl/err.h> + #include <arpa/inet.h> ++#include <netinet/in.h> + + /* + * parse the url given in the second argument and fill in the h member diff --git a/security/openscep/files/patch-lib_init.c b/security/openscep/files/patch-lib_init.c new file mode 100644 index 000000000000..75bdd1330f11 --- /dev/null +++ b/security/openscep/files/patch-lib_init.c @@ -0,0 +1,22 @@ +--- lib/init.c.orig Wed Feb 20 02:40:06 2002 ++++ lib/init.c Thu May 19 16:23:01 2005 +@@ -21,6 +21,7 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <unistd.h> ++#include <openscep_err.h> + + #define TMPPATH "/var/tmp/openscep" + +@@ -66,6 +67,11 @@ + ERR_load_crypto_strings(); + if (debug) + fprintf(stderr, "%s:%d: crypto strings loaded\n", __FILE__, ++ __LINE__); ++ ++ ERR_load_OPENSCEP_strings(); ++ if (debug) ++ fprintf(stderr, "%s:%d: openscep strings loaded\n", __FILE__, + __LINE__); + + /* add the encryption algorithms available */ diff --git a/security/openscep/files/patch-lib_isasu.c b/security/openscep/files/patch-lib_isasu.c new file mode 100644 index 000000000000..07f62ca1ed5d --- /dev/null +++ b/security/openscep/files/patch-lib_isasu.c @@ -0,0 +1,28 @@ +--- lib/isasu.c.orig Wed Feb 20 02:40:06 2002 ++++ lib/isasu.c Thu May 19 16:23:01 2005 +@@ -12,6 +12,7 @@ + #include <init.h> + #include <unistd.h> + #include <fcntl.h> ++#include <openscep_err.h> + + /* + * the methods in this file are based on the similar functions for the +@@ -40,7 +41,7 @@ + M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME); + M_ASN1_D2I_get(ret->subject, d2i_X509_NAME); + M_ASN1_D2I_Finish(a,issuer_and_subject_free, +- ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL); ++ OPENSCEP_F_D2I_ISSUER_AND_SUBJECT); + } + + issuer_and_subject_t *issuer_and_subject_new(void) { +@@ -50,7 +51,7 @@ + M_ASN1_New(ret->issuer, X509_NAME_new); + M_ASN1_New(ret->subject, X509_NAME_new); + return ret; +- M_ASN1_New_Error(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW); /* wrong error code */ ++ M_ASN1_New_Error(OPENSCEP_F_ISSUER_AND_SUBJECT_NEW); + } + + void issuer_and_subject_free(issuer_and_subject_t *isasu) { diff --git a/security/openscep/files/patch-lib_openscep__err.c b/security/openscep/files/patch-lib_openscep__err.c new file mode 100644 index 000000000000..a0ea6b031416 --- /dev/null +++ b/security/openscep/files/patch-lib_openscep__err.c @@ -0,0 +1,139 @@ +--- lib/openscep_err.c.orig Thu May 19 16:26:46 2005 ++++ lib/openscep_err.c Thu May 19 16:26:46 2005 +@@ -0,0 +1,136 @@ ++/* openscep_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. ++ */ ++ ++#include <stdio.h> ++#include <openssl/err.h> ++#include "openscep_err.h" ++ ++/* BEGIN ERROR CODES */ ++#ifndef OPENSSL_NO_ERR ++static ERR_STRING_DATA OPENSCEP_str_functs[]= ++ { ++{ERR_PACK(0,OPENSCEP_F_D2I_ISSUER_AND_SUBJECT,0), "D2I_ISSUER_AND_SUBJECT"}, ++{ERR_PACK(0,OPENSCEP_F_D2I_PAYLOAD,0), "D2I_PAYLOAD"}, ++{ERR_PACK(0,OPENSCEP_F_ISSUER_AND_SUBJECT_NEW,0), "ISSUER_AND_SUBJECT_NEW"}, ++{ERR_PACK(0,OPENSCEP_F_PAYLOAD_NEW,0), "PAYLOAD_NEW"}, ++{0,NULL} ++ }; ++ ++static ERR_STRING_DATA OPENSCEP_str_reasons[]= ++ { ++{0,NULL} ++ }; ++ ++#endif ++ ++#ifdef OPENSCEP_LIB_NAME ++static ERR_STRING_DATA OPENSCEP_lib_name[]= ++ { ++{0 ,OPENSCEP_LIB_NAME}, ++{0,NULL} ++ }; ++#endif ++ ++ ++static int OPENSCEP_lib_error_code=0; ++static int OPENSCEP_error_init=1; ++ ++void ERR_load_OPENSCEP_strings(void) ++ { ++ if (OPENSCEP_lib_error_code == 0) ++ OPENSCEP_lib_error_code=ERR_get_next_error_library(); ++ ++ if (OPENSCEP_error_init) ++ { ++ OPENSCEP_error_init=0; ++#ifndef OPENSSL_NO_ERR ++ ERR_load_strings(OPENSCEP_lib_error_code,OPENSCEP_str_functs); ++ ERR_load_strings(OPENSCEP_lib_error_code,OPENSCEP_str_reasons); ++#endif ++ ++#ifdef OPENSCEP_LIB_NAME ++ OPENSCEP_lib_name->error = ERR_PACK(OPENSCEP_lib_error_code,0,0); ++ ERR_load_strings(0,OPENSCEP_lib_name); ++#endif ++ } ++ } ++ ++void ERR_unload_OPENSCEP_strings(void) ++ { ++ if (OPENSCEP_error_init == 0) ++ { ++#ifndef OPENSSL_NO_ERR ++ ERR_unload_strings(OPENSCEP_lib_error_code,OPENSCEP_str_functs); ++ ERR_unload_strings(OPENSCEP_lib_error_code,OPENSCEP_str_reasons); ++#endif ++ ++#ifdef OPENSCEP_LIB_NAME ++ ERR_unload_strings(0,OPENSCEP_lib_name); ++#endif ++ OPENSCEP_error_init=1; ++ } ++ } ++ ++void ERR_OPENSCEP_error(int function, int reason, char *file, int line) ++ { ++ if (OPENSCEP_lib_error_code == 0) ++ OPENSCEP_lib_error_code=ERR_get_next_error_library(); ++ ERR_PUT_error(OPENSCEP_lib_error_code,function,reason,file,line); ++ } diff --git a/security/openscep/files/patch-lib_payload.c b/security/openscep/files/patch-lib_payload.c new file mode 100644 index 000000000000..fe73e22a1dc5 --- /dev/null +++ b/security/openscep/files/patch-lib_payload.c @@ -0,0 +1,28 @@ +--- lib/payload.c.orig Mon Feb 25 00:40:01 2002 ++++ lib/payload.c Thu May 19 16:26:46 2005 +@@ -16,6 +16,7 @@ + #include <missl.h> + #include <scepldap.h> + #include <fcntl.h> ++#include <openscep_err.h> + + /* + * payload_build_original convert the original request into a bit string +@@ -68,7 +69,7 @@ + p->rt = -1; + p->od.req = NULL; + return p; +- M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW); /* wrong error code */ ++ M_ASN1_New_Error(OPENSCEP_F_PAYLOAD_NEW); + } + + void payload_free(payload_t *a) { +@@ -171,7 +172,7 @@ + ret->od.spki = d2i_NETSCAPE_SPKI(&r2, &u, l); + break; + } +- M_ASN1_D2I_Finish(a, payload_free, ASN1_F_D2I_X509_REQ_INFO); ++ M_ASN1_D2I_Finish(a, payload_free, OPENSCEP_F_D2I_PAYLOAD); + } + + /* diff --git a/security/openscep/files/patch-lib_sigattr.c b/security/openscep/files/patch-lib_sigattr.c new file mode 100644 index 000000000000..f90f9afc4600 --- /dev/null +++ b/security/openscep/files/patch-lib_sigattr.c @@ -0,0 +1,35 @@ +--- lib/sigattr.c.orig Wed Feb 20 02:40:06 2002 ++++ lib/sigattr.c Thu May 19 16:26:46 2005 +@@ -8,6 +8,7 @@ + #include <sigattr.h> + #include <init.h> + #include <openssl/err.h> ++#include <openssl/opensslv.h> + + /* + * read an attribute of type string +@@ -120,6 +121,7 @@ + X509_ATTRIBUTE *attr; + int i; + scepmsg_t *msg; ++ int single; + + if (debug) + BIO_printf(bio_err, "%s:%d: looking for attribute '%s'\n", +@@ -146,8 +148,14 @@ + for (i = 0; i < sk_X509_ATTRIBUTE_num(sig_attribs); i++) { + attr = sk_X509_ATTRIBUTE_value(sig_attribs, i); + if (OBJ_cmp(attr->object, asn1_obj) == 0) { +- if ((!attr->set) || (sk_ASN1_TYPE_num(attr->value.set) +- == 0)) { ++#if OPENSSL_VERSION_NUMBER < 0x00907000L ++ /* attr->set was replaced with attr->single (with opposite ++ meaning) somewhere between 0.9.6m-engine and 0.9.7d */ ++ single = !attr->set; ++#else ++ single = attr->single; ++#endif ++ if (single || (sk_ASN1_TYPE_num(attr->value.set) == 0)) { + BIO_printf(bio_err, "%s:%d: attr has no val\n", + __FILE__, __LINE__); + goto err; diff --git a/security/openscep/files/patch-scepd_Makefile.in b/security/openscep/files/patch-scepd_Makefile.in new file mode 100644 index 000000000000..975147e37e41 --- /dev/null +++ b/security/openscep/files/patch-scepd_Makefile.in @@ -0,0 +1,11 @@ +--- scepd/Makefile.in.orig Thu May 19 16:41:14 2005 ++++ scepd/Makefile.in Thu May 19 16:41:26 2005 +@@ -132,7 +132,7 @@ + LDADD = ../lib/libscep.la + LDFLAGS = -R$(libdir) + +-CPPFLAGS = -DOPENSCEPDIR=\"$(OPENSCEPDIR)\" ++CPPFLAGS += -DOPENSCEPDIR=\"$(OPENSCEPDIR)\" + + INCLUDES = $(INCLTDL) -I$(top_srcdir)/include -I$(OPENSSLDIR)/include + mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs diff --git a/security/openscep/files/patch-scepd_dn2xid.c b/security/openscep/files/patch-scepd_dn2xid.c new file mode 100644 index 000000000000..13b79fec6b1c --- /dev/null +++ b/security/openscep/files/patch-scepd_dn2xid.c @@ -0,0 +1,10 @@ +--- scepd/dn2xid.c.orig Mon Mar 26 14:36:47 2001 ++++ scepd/dn2xid.c Thu May 19 16:26:46 2005 +@@ -11,6 +11,7 @@ + #include <ldap.h> + #include <unistd.h> + #include <openssl/bio.h> ++#include <openssl/evp.h> + #include <openssl/x509.h> + #include <openssl/err.h> + #include <fingerprint.h> diff --git a/security/openscep/files/patch-scepd_sceplist.c b/security/openscep/files/patch-scepd_sceplist.c new file mode 100644 index 000000000000..6fff4ae7bd07 --- /dev/null +++ b/security/openscep/files/patch-scepd_sceplist.c @@ -0,0 +1,32 @@ +--- scepd/sceplist.c.orig Thu May 19 16:59:02 2005 ++++ scepd/sceplist.c Thu May 19 17:02:22 2005 +@@ -96,7 +96,6 @@ + /* + * convert ASN1 time string to a struct tm + */ +-extern time_t timezone; /* compiler does not like it inside func */ + #ifdef HAVE_ALTZONE + extern time_t altzone; + #endif /* HAVE_ALTZONE */ +@@ -124,19 +123,15 @@ + rtm.tm_year = atoi(work); + if (rtm.tm_year < 70) + rtm.tm_year += 100; ++ rtm.tm_zone = 0; + +- /* set the time zone to GMT, as mktime uses the local time zone */ +- timezone = 0; + #ifdef HAVE_ALTZONE + altzone = 0; + #endif /* HAVE_ALTZONE */ + + /* use mktime to normalize the structure and t convert to a */ + /* time_t value */ +- rt = mktime(&rtm); +- +- /* reset the time zone to local settings */ +- tzset(); ++ rt = timegm(&rtm); + + return rt; + } diff --git a/security/openscep/files/pkg-deinstall.in b/security/openscep/files/pkg-deinstall.in new file mode 100644 index 000000000000..19c51b8a3ad8 --- /dev/null +++ b/security/openscep/files/pkg-deinstall.in @@ -0,0 +1,9 @@ +#!/bin/sh + +[ "$2" != "DEINSTALL" ] && exit 0 + +for f in %%CONF_FILES%%; do + if cmp -s "%%CONF_DIR%%/$f" "%%CONF_DIR%%/$f.default"; then + rm -f "%%CONF_DIR%%/$f" + fi +done diff --git a/security/openscep/files/pkg-install.in b/security/openscep/files/pkg-install.in new file mode 100644 index 000000000000..585a18d73eba --- /dev/null +++ b/security/openscep/files/pkg-install.in @@ -0,0 +1,7 @@ +#!/bin/sh + +[ "$2" != "POST-INSTALL" ] && exit 0 + +for f in %%CONF_FILES%%; do + [ -f "%%CONF_DIR%%/$f" ] || cp -p "%%CONF_DIR%%/$f.default" "%%CONF_DIR%%/$f" +done diff --git a/security/openscep/files/pkg-message.in b/security/openscep/files/pkg-message.in new file mode 100644 index 000000000000..83a5e542d1c6 --- /dev/null +++ b/security/openscep/files/pkg-message.in @@ -0,0 +1,14 @@ +====================================================================== +You now need to add an alias to apache's httpd.conf pointing to +%%PREFIX%%/www/openscep in order to access openscep from +your web browser, or create a VirtualHost with DocumentRoot set +to that directory. + +You should also include %%PREFIX%%/etc/openscep/openscep.schema +into your slapd config (sample of this is at +%%PREFIX%%/etc/openscep/slapd.conf). + +Furthermore, you should add your ldap directory information from +%%PREFIX%%/etc/openscep/openscep.ldif and edit DN specific information +there before doing ldapadd. +====================================================================== diff --git a/security/openscep/pkg-descr b/security/openscep/pkg-descr new file mode 100644 index 000000000000..dfd57c161d24 --- /dev/null +++ b/security/openscep/pkg-descr @@ -0,0 +1,8 @@ +OpenSCEP is an open source implementation of the SCEP protocol used by Cisco +routers for certificate enrollment to build VPNs. It implements most of the +draft specification. + +OpenSCEP includes a client and a server implementation, as well as some CGI +programs to simplify certificate and revocation list management. + +WWW: http://openscep.othello.ch/ diff --git a/security/openscep/pkg-plist b/security/openscep/pkg-plist new file mode 100644 index 000000000000..900f117f0874 --- /dev/null +++ b/security/openscep/pkg-plist @@ -0,0 +1,73 @@ +bin/derdump +bin/scep +bin/scepclient +bin/scepconf +bin/scepkey +bin/sceplist +bin/scepxid +etc/openscep/openscep.cnf.default +etc/openscep/openscep.ldif.default +etc/openscep/openscep.schema.default +etc/openscep/slapd.conf.default +lib/libscep.a +lib/libscep.so +lib/libscep.so.4 +sbin/cafingerprint +sbin/createcrl +sbin/crl2ldap +sbin/dn2xid +sbin/openscepsetup +sbin/scepd +sbin/scepgrant +sbin/scepreject +sbin/updatecrl +www/cgi-bin/openscep/add.pl +www/cgi-bin/openscep/crl.pl +www/cgi-bin/openscep/granted.pl +www/cgi-bin/openscep/log.pl +www/cgi-bin/openscep/pending.pl +www/cgi-bin/openscep/rejected.pl +www/cgi-bin/openscep/revoked.pl +www/cgi-bin/pkiclient.exe +www/openscep/COPYING +www/openscep/ChangeLog +www/openscep/INSTALL +www/openscep/NEWS +www/openscep/README +www/openscep/SETUP +www/openscep/TODO +www/openscep/add.gif +www/openscep/cafingerprint.8.html +www/openscep/contents.html +www/openscep/createcrl.8.html +www/openscep/crl.gif +www/openscep/crl2ldap.8.html +www/openscep/derdump.1.html +www/openscep/dn2xid.8.html +www/openscep/draft-nourse-scep-05.txt +www/openscep/granted.gif +www/openscep/help.gif +www/openscep/help.html +www/openscep/index.html +www/openscep/log.gif +www/openscep/openscep.cnf.5.html +www/openscep/openscep.gif +www/openscep/openscep.png +www/openscep/rejected.gif +www/openscep/requests.gif +www/openscep/revocation.html +www/openscep/revoked.gif +www/openscep/scep.1.html +www/openscep/scepclient.1.html +www/openscep/scepconf.1.html +www/openscep/scepd.8.html +www/openscep/scepgrant.8.html +www/openscep/sceplist.1.html +www/openscep/scepreject.8.html +www/openscep/scepxid.1.html +www/openscep/title.html +www/openscep/updatecrl.8.html +www/openscep/welcome.html +@dirrm www/cgi-bin/openscep +@dirrm www/openscep +@unexec rmdir %D/etc/openscep 2>/dev/null || true |