# Port identity, licensing, and the TLS/crypto library ports that cannot be
# installed alongside this one.
PORTNAME=	openssl
DISTVERSION=	3.0.20
CATEGORIES=	security devel

MAINTAINER=	ports@MidnightBSD.org
COMMENT=	TLSv1.3 capable SSL and crypto library
WWW=		https://www.openssl.org/

LICENSE=	Apache-2.0
LICENSE_FILE=	${WRKSRC}/LICENSE.txt

# Left commented out, so no expiration date is set for the port.
# NOTE(review): presumably the date tracks the end of upstream support for
# this release branch - confirm, and plan the move to a newer branch before
# it passes.
#EXPIRATION_DATE=	2026-09-07

CONFLICTS_INSTALL=	boringssl libressl libressl-devel openssl openssl111 \
			openssl3* openssl-quictls

# Build configuration: the upstream "config" script is run with PERL in its
# environment and with the port's OPENSSLDIR and PREFIX.
HAS_CONFIGURE=	yes
CONFIGURE_SCRIPT=	config
CONFIGURE_ENV=	PERL="${PERL}"
CONFIGURE_ARGS=	--openssldir=${OPENSSLDIR} --prefix=${PREFIX}

USES=		cpe perl5
USE_PERL5=	build
# Sources come from GitHub, at the tag <PORTNAME>-<PORTVERSION>.
USE_GITHUB=	yes
GH_TAGNAME=	${PORTNAME}-${PORTVERSION}
# The upstream test target is not wired in: TEST_TARGET stays commented out
# and NO_TEST is set, so the port does not run the library's test suite.
#TEST_TARGET=	test
NO_TEST=	yes

# NOTE(review): -z notext makes the i386 link accept relocations against
# read-only segments (text relocations).  Worth confirming it is still
# needed, since it relaxes a linker hardening check.
LDFLAGS_i386=	-Wl,-znotext

MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
# GREP_OPTIONS is set to an empty value in the build environment.
MAKE_ENV+=	LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=

# Build options offered to the packager, arranged in groups.
OPTIONS_GROUP=		CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS
OPTIONS_GROUP_CIPHERS=	ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS
OPTIONS_GROUP_HASHES=	MD2 MD4 MDC2 RMD160 SM2 SM3
OPTIONS_GROUP_OPTIMIZE=	ASM SSE2 THREADS
OPTIONS_GROUP_MODULES=	FIPS LEGACY
OPTIONS_DEFINE_i386=	I386
OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2

OPTIONS_DEFINE=	ASYNC KTLS CT MAN3 RFC3779 SHARED ZLIB

# NOTE(review): the default set includes MD4, RC2 and RC4, which this port's
# own option descriptions label "(unsafe)", together with TLS1 and TLS1_1.
# Builders who do not need them for interoperability can switch those
# options off.  SSL3 and WEAK-SSL-CIPHERS are not part of the defaults.
OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST MAN3 MD4 NEXTPROTONEG \
		RC2 RC4 RMD160 SCTP SHARED SSE2 THREADS \
		TLS1 TLS1_1 TLS1_2

# NOTE(review): EC is added to the OPTIMIZE group for amd64 twice, once via
# this _amd64-suffixed variable and once inside the conditional below; one
# of the two is presumably redundant - confirm which the framework honours.
OPTIONS_GROUP_OPTIMIZE_amd64=	EC

# Choose the Configure target name.  Every architecture other than amd64
# receives "BSD-x86-elf" here.
.if ${MACHINE_ARCH} != "amd64"
CONFIGURE_ARGS+=	"BSD-x86-elf"
.else
OPTIONS_GROUP_OPTIMIZE+=	EC
CONFIGURE_ARGS+=	"BSD-x86_64"
.endif

OPTIONS_SUB=	yes

# Human-readable descriptions for the options and option groups above.
# Several entries carry their own warning ("unsafe", "obsolete", "patented").
ARIA_DESC=		ARIA (South Korean standard)
ASM_DESC=		Assembler code
ASYNC_DESC=		Asynchronous mode
CIPHERS_DESC=		Block Cipher Support
CT_DESC=		Certificate Transparency Support
DES_DESC=		(Triple) Data Encryption Standard
EC_DESC=		Optimize NIST elliptic curves
FIPS_DESC=		Build FIPS provider (Note: NOT yet FIPS validated)
GOST_DESC=		GOST (Russian standard)
HASHES_DESC=		Hash Function Support
I386_DESC=		i386 (instead of i486+)
IDEA_DESC=		International Data Encryption Algorithm
KTLS_DESC=		Use in-kernel TLS (MidnightBSD >4)
LEGACY_DESC=		Older algorithms
MAN3_DESC=		Install API manpages (section 3, 7)
MD2_DESC=		MD2 (obsolete) (requires LEGACY)
MD4_DESC=		MD4 (unsafe)
MDC2_DESC=		MDC-2 (patented, requires DES)
MODULES_DESC=		Provider modules
NEXTPROTONEG_DESC=	Next Protocol Negotiation (SPDY)
OPTIMIZE_DESC=		Optimizations
PROTOCOLS_DESC=		Protocol Support
RC2_DESC=		RC2 (unsafe)
RC4_DESC=		RC4 (unsafe)
RC5_DESC=		RC5 (patented)
RMD160_DESC=		RIPEMD-160
RFC3779_DESC=		RFC3779 support (BGP)
SCTP_DESC=		SCTP (Stream Control Transmission)
SHARED_DESC=		Build shared libraries
SM2_DESC=		SM2 Elliptic Curve DH (Chinese standard)
SM3_DESC=		SM3 256bit (Chinese standard)
SM4_DESC=		SM4 128bit (Chinese standard)
SSE2_DESC=		Runtime SSE2 detection
SSL3_DESC=		SSLv3 (unsafe)
TLS1_DESC=		TLSv1.0 (requires TLS1_1, TLS1_2)
TLS1_1_DESC=		TLSv1.1 (requires TLS1_2)
TLS1_2_DESC=		TLSv1.2
WEAK-SSL-CIPHERS_DESC=	Weak cipher support (unsafe)

# Upstream default disabled options: when the port option is selected,
# "enable-<name>" is handed to the configure script.  The variable name is
# the upper-cased feature name, e.g. SSL3_CONFIGURE_ON.
.for _option in fips md2 rc5 ktls sctp ssl3 weak-ssl-ciphers zlib
${_option:tu}_CONFIGURE_ON=	enable-${_option}
.endfor

# Upstream default enabled options: when the port option is deselected,
# "no-<name>" is handed to the configure script.
.for _option in \
	aria asm async ct des gost idea md4 mdc2 legacy \
	nextprotoneg rc2 rc4 rfc3779 rmd160 shared \
	sm2 sm3 sm4 sse2 threads \
	tls1 tls1_1 tls1_2
${_option:tu}_CONFIGURE_OFF=	no-${_option}
.endfor

# Option dependencies: the option on the left pulls in the one on the right
# (TLS1 -> TLS1_1 -> TLS1_2 forms a chain).
MD2_IMPLIES=	LEGACY
MDC2_IMPLIES=	DES
TLS1_IMPLIES=	TLS1_1
TLS1_1_IMPLIES=	TLS1_2

# Per-option adjustments: extra configure arguments, patches, environment
# and packing-list substitutions.
EC_CONFIGURE_ON=	enable-ec_nistp_64_gcc_128
# presumably the framework maps the lower-case "shlibs" key in the *_VARS
# assignments onto SHLIBS, the list stripped after install - confirm.
FIPS_VARS=		shlibs+=lib/ossl-modules/fips.so
I386_CONFIGURE_ON=	386
KTLS_EXTRA_PATCHES=	${FILESDIR}/extra-patch-ktls
LEGACY_VARS=		shlibs+=lib/ossl-modules/legacy.so
# The _OFF suffix: this patch is applied when MAN3 is deselected.
MAN3_EXTRA_PATCHES_OFF=	${FILESDIR}/extra-patch-util_find-doc-nits
SHARED_MAKE_ENV=	SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_PLIST_SUB=	SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_USE=		ldconfig=yes
SHARED_VARS=		shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \
				lib/libssl.so.${OPENSSL_SHLIBVER} \
				lib/engines-${OPENSSL_SHLIBVER}/capi.so \
				lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \
				lib/engines-${OPENSSL_SHLIBVER}/padlock.so"
# "+=" keeps the enable-ssl3 value assigned by the option loop earlier in
# the file and adds enable-ssl3-method to it.
SSL3_CONFIGURE_ON+=	enable-ssl3-method
# "=" replaces the enable-zlib value assigned by the option loop earlier in
# the file.
ZLIB_CONFIGURE_ON=	zlib-dynamic

SHLIBS=			lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so

# Restrict version scanning to releases whose version starts with the
# current PORTVERSION minus its last component (dots escaped for the regex).
PORTSCOUT=		limit:^${PORTVERSION:R:S/./\./g}\.

.include <bsd.mport.options.mk>

# Additional Configure target names for non-x86 architectures.
# NOTE(review): the earlier MACHINE_ARCH conditional appends "BSD-x86-elf"
# for everything that is not amd64, so on these architectures two target
# names appear to reach the configure script - confirm whether ARCH and
# MACHINE_ARCH can differ here and which target wins.
.if ${ARCH} == powerpc64
CONFIGURE_ARGS+=	BSD-ppc64
.elif ${ARCH} == powerpc64le
CONFIGURE_ARGS+=	BSD-ppc64le
.elif ${ARCH} == riscv64
CONFIGURE_ARGS+=	BSD-riscv64
.endif

# KTLS is excluded from the option set when OSVERSION is below 400000;
# otherwise the exclusion list is empty.
OPTIONS_EXCLUDE=${${OSVERSION} < 400000:?KTLS:}

.include <bsd.port.pre.mk>
# Guard: with PREFIX set to /usr the port is marked IGNORE, so it is never
# installed on top of the OpenSSL shipped in the base system.
.if ${PREFIX} == /usr
IGNORE=	the OpenSSL port can not be installed over the base version
.endif

# OPENSSLDIR is the value passed to --openssldir; it may be overridden by
# the builder.  The packing list receives it with the leading "${PREFIX}/"
# removed.
OPENSSLDIR?=	${PREFIX}/openssl
PLIST_SUB+=	OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==}

# presumably version.mk provides OPENSSL_SHLIBVER, which this file uses but
# never assigns - confirm.
.include "version.mk"

# Adjust the extracted sources before configuring:
#  1. in the unix Makefile template, make build_docs and install_docs depend
#     only on their matching *_man_docs target;
#  2. in VERSION.dat, replace SHLIB_VERSION=3 with the port's
#     OPENSSL_SHLIBVER.
post-patch:
	${REINPLACE_CMD} -Ee 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' ${WRKSRC}/Configurations/unix-Makefile.tmpl
	${REINPLACE_CMD} 's|SHLIB_VERSION=3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' ${WRKSRC}/VERSION.dat

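# Print the resolved configuration into the build log, which records the
# features that ended up enabled or disabled for this build.
# "&&" stops the recipe if the cd fails, instead of relying on the shell's
# error mode to keep perl from running in the wrong directory.
post-configure:
	cd ${WRKSRC} && ${PERL} configdata.pm --dump
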
# With MAN3 deselected, edit the generated Makefile so that build_man_docs
# depends only on $(MANDOCS1) and $(MANDOCS5), and so that the loops which
# iterated over $(MANDOCS3) / $(MANDOCS7) iterate over "dummy" alone.
# "$$" yields a literal "$" in the sed expressions.
post-configure-MAN3-off:
	${REINPLACE_CMD} \
		-e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \
		-e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \
		${WRKSRC}/Makefile

# With SHARED selected, strip every shared object listed in SHLIBS.
# The "-@" prefix hides the command and ignores its exit status, presumably
# because not every listed module exists in every configuration - confirm.
# A wrong path would therefore also go unnoticed.
post-install-SHARED-on:
.for i in ${SHLIBS}
	-@${STRIP_CMD} ${FAKE_DESTDIR}${PREFIX}/${i}
.endfor

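# With SHARED deselected, remove the engines directory from the install tree.
# The directory name follows OPENSSL_SHLIBVER, matching the
# engines-${OPENSSL_SHLIBVER} paths used for SHLIBS and SHARED_VARS, so it
# stays correct if the shared-library version changes.
post-install-SHARED-off:
	${RMDIR} ${FAKE_DESTDIR}${PREFIX}/lib/engines-${OPENSSL_SHLIBVER}
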
# Strip the openssl command-line binary.
# NOTE(review): the other post-install targets in this file prefix their
# paths with ${FAKE_DESTDIR}; this one uses ${PREFIX} alone.  Confirm which
# form matches the value PREFIX has while post-install runs, so that strip
# acts on the staged binary and not on one already installed on the host.
post-install:
	${STRIP_CMD} ${PREFIX}/bin/openssl

# With MAN3 selected, append every non-directory entry found under
# share/man/man3 and share/man/man7 of the install tree to the temporary
# packing list, with ".gz" added to each path.
post-install-MAN3-on:
	( cd ${FAKE_DESTDIR}/${PREFIX} ; \
		find share/man/man3 -not -type d ; \
		find share/man/man7 -not -type d ) \
		| sed 's/$$/.gz/' >> ${TMPPLIST}

# Second half of the ports framework, included after all port-local rules.
.include <bsd.port.post.mk>
188