diff options
| author | Christian Weisgerber <naddy@FreeBSD.org> | 2016-03-08 20:19:07 +0000 |
|---|---|---|
| committer | Christian Weisgerber <naddy@FreeBSD.org> | 2016-03-08 20:19:07 +0000 |
| commit | 2bcd64c8792ebe699f5a0a518f3a1fc173a190a0 (patch) | |
| tree | 17a4a28e55c24505da574c6bf52a5dd78f5060a0 /net | |
| parent | Update to the 20160306 development snapshot of GCC 6. (diff) | |
* Reenable certificate validation through libressl
(libressl 2.2.6 seems to be happy enough with the ca_root_nss 3.22.2
upgrade)
* Avoid strptime %Z which is nonstandard and can give surprising
results on different operating systems. (Same fix as upstream.)
PR: 207685
Submitted by: mandree
Diffstat (limited to 'net')
| -rw-r--r-- | net/openntpd/Makefile | 29 | ||||
| -rw-r--r-- | net/openntpd/files/patch-src_constraint.c | 11 |
2 files changed, 26 insertions, 14 deletions
diff --git a/net/openntpd/Makefile b/net/openntpd/Makefile index 48d71604a156..8f27e9dea03b 100644 --- a/net/openntpd/Makefile +++ b/net/openntpd/Makefile @@ -2,7 +2,7 @@ PORTNAME= openntpd PORTVERSION= 5.7p4 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 2 CATEGORIES= net MASTER_SITES= OPENBSD/OpenNTPD @@ -20,25 +20,26 @@ USE_RC_SUBR= openntpd GNU_CONFIGURE= yes CONFIGURE_ARGS= --disable-silent-rules -# XXX: -# * LibreSSL fails with the certificiate bundle from ca_root_nss. +# * LibreSSL fails with the certificiate bundle from ca_root_nss; +# 3.22.2 appears to work just fine (unlike 3.22). # * USE_OPENSSL does not handle LibreSSL yet. -# -#OPTIONS_DEFINE= RESSL -#RESSL_DESC= SSL/TLS support via LibreSSL -# -#OPTIONS_DEFAULT= RESSL -# -#RESSL_LIB_DEPENDS= libtls.so:${PORTSDIR}/security/libressl -#RESSL_CONFIGURE_WITH= cacert=${LOCALBASE}/etc/ssl/cert.pem -#RESSL_CPPFLAGS= -I${LOCALBASE}/include -#RESSL_LDFLAGS= -L${LOCALBASE}/lib + +OPTIONS_DEFINE= RESSL +RESSL_DESC= SSL/TLS support via LibreSSL + +OPTIONS_DEFAULT= RESSL + +RESSL_LIB_DEPENDS= libtls.so:${PORTSDIR}/security/libressl +RESSL_CONFIGURE_WITH= cacert=${LOCALBASE}/etc/ssl/cert.pem +RESSL_CPPFLAGS= -I${LOCALBASE}/include +RESSL_LDFLAGS= -L${LOCALBASE}/lib +RESSL_RUN_DEPENDS= ca_root_nss>=3.22.2:${PORTSDIR}/security/ca_root_nss pre-build: ${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' \ ${WRKSRC}/src/ntpd.conf.5 ${WRKSRC}/src/ntpd.8 post-install: - cd ${STAGEDIR}${PREFIX}/etc; ${MV} ntpd.conf ntpd.conf.sample + cd ${STAGEDIR}${PREFIX}/etc && ${MV} ntpd.conf ntpd.conf.sample .include <bsd.port.mk> diff --git a/net/openntpd/files/patch-src_constraint.c b/net/openntpd/files/patch-src_constraint.c new file mode 100644 index 000000000000..d10ba1c19ee8 --- /dev/null +++ b/net/openntpd/files/patch-src_constraint.c @@ -0,0 +1,11 @@ +--- src/constraint.c.orig 2015-03-14 21:24:11 UTC ++++ src/constraint.c +@@ -665,7 +665,7 @@ httpsdate_request(struct httpsdate *http + * or ANSI C's asctime() - the latter doesn't include + * the timezone which is required here. + */ +- if (strptime(p, "%a, %d %h %Y %T %Z", ++ if (strptime(p, "%a, %d %h %Y %T GMT", + &httpsdate->tls_tm) == NULL) { + log_warnx("unsupported date format"); + free(line); |