# Port identity: OpenSSL 1.1.1w, packaged under the "111" name suffix.
PORTNAME=	openssl
PORTVERSION=	1.1.1w
PORTEPOCH=	1
CATEGORIES=	security devel

# Distfile locations. The second mirror is plain FTP, which gives no
# transport-level integrity or authenticity for the downloaded tarball.
# NOTE(review): presumably the port's recorded distfile checksum (not visible
# in this file) is the control that catches a tampered download -- confirm it
# is present and current for 1.1.1w.
MASTER_SITES=	https://www.openssl.org/source/ \
		ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
PKGNAMESUFFIX=	111
8
# Descriptive metadata shown to users of the port.
MAINTAINER=	ports@MidnightBSD.org
COMMENT=	TLSv1.3 capable SSL and crypto library
WWW=		https://www.openssl.org/

# Custom license entry; the text is taken from the LICENSE file in the
# extracted source tree.
LICENSE=	openssl
LICENSE_NAME=	OpenSSL License
LICENSE_FILE=	${WRKSRC}/LICENSE
LICENSE_PERMS=	dist-mirror pkg-mirror auto-accept
17
# Package name patterns this port declares an install conflict with:
# LibreSSL, LibreSSL-devel and other openssl-* packages.
CONFLICTS_INSTALL=	libressl-[0-9]* \
			libressl-devel-[0-9]* \
			openssl-[0-9]*

# The 1.1.1 branch is end-of-life upstream (see the URL in the message), so
# anything linking against this port is linking against an EOL TLS stack.
# The port is kept only until MidnightBSD 4 itself is EoL.
DEPRECATED=	End-of-life since 2023-09-11, see https://www.openssl.org/blog/blog/2023/09/11/eol-111/ \
		port will be removed when MidnightBSD 4 is EoL
24
# OpenSSL ships its own "config" script rather than a GNU configure; it is
# driven by perl, so the framework's perl path is handed over in the
# environment.
HAS_CONFIGURE=	yes
CONFIGURE_SCRIPT=	config
CONFIGURE_ENV=	PERL="${PERL}"
CONFIGURE_ARGS=	--openssldir=${OPENSSLDIR} \
		--prefix=${PREFIX}

# perl is needed at build time only.
USES=		cpe perl5
USE_PERL5=	build
# NOTE(review): NO_TEST presumably means the upstream test suite is never run
# for this port, so a miscompiled crypto primitive would not be caught at
# build time -- confirm that is acceptable.
NO_TEST=	yes
34
# i386 only: "-z notext" lets the linker accept relocations against read-only
# (text) segments instead of failing the link.
# NOTE(review): text relocations generally require code pages to be made
# writable while the library is loaded, which weakens W^X-style hardening on
# that architecture -- confirm this is still required.
LDFLAGS_i386=	-Wl,-znotext

# Extra variables for the upstream Makefile; CNF_LDFLAGS carries the port's
# LDFLAGS into the link step.
MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
# GREP_OPTIONS is set to empty for the build, so a value inherited from the
# caller's environment is not passed through.
MAKE_ENV+=	LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=

# Disabled: shared async patch from the sibling openssl port.
#EXTRA_PATCHES+=	${.CURDIR}/../openssl/files/patch-crypto_async_arch_async__posix.h
41
# Build options, grouped by kind. Each option name maps onto an OpenSSL
# Configure switch through the *_CONFIGURE_ON / *_CONFIGURE_OFF variables set
# further down in this file.
OPTIONS_GROUP=		CIPHERS HASHES OPTIMIZE PROTOCOLS
OPTIONS_GROUP_CIPHERS=	ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS
OPTIONS_GROUP_HASHES=	MD2 MD4 MDC2 RMD160 SM2 SM3
OPTIONS_GROUP_OPTIMIZE=	ASM SSE2 THREADS
OPTIONS_DEFINE_i386=	I386
OPTIONS_GROUP_PROTOCOLS=	NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2

OPTIONS_DEFINE=	ASYNC CT KTLS MAN3 RFC3779 SHARED ZLIB

# Security note on the defaults: MD4, RC2 and RC4 are switched on here even
# though this file's own *_DESC strings label them "unsafe", and DES, TLS1 and
# TLS1_1 are on as well. SSL3, MD2 and WEAK-SSL-CIPHERS are left off.
# Sites that do not need legacy interoperability can deselect the legacy
# algorithms and protocol versions when building the port.
OPTIONS_DEFAULT=	ASM ASYNC CT GOST DES EC KTLS MAN3 \
			MD4 NEXTPROTONEG RC2 RC4 RMD160 \
			SCTP SHARED SSE2 THREADS \
			TLS1 TLS1_1 TLS1_2

# The EC option (listed in OPTIONS_DEFAULT above) is only offered on amd64 and
# mips64el.
.if ${MACHINE_ARCH} == "amd64" || ${MACHINE_ARCH} == "mips64el"
OPTIONS_GROUP_OPTIMIZE+=	EC
.endif

OPTIONS_SUB=	yes
61
# Human-readable descriptions for the options and option groups declared in
# this file. Several entries carry their own safety label ("unsafe",
# "obsolete"); those labels are the maintainer's wording and are kept as-is.
ARIA_DESC=	ARIA (South Korean standard)
ASM_DESC=	Assembler code
ASYNC_DESC=	Asynchronous mode
CIPHERS_DESC=	Block Cipher Support
CT_DESC=	Certificate Transparency Support
DES_DESC=	(Triple) Data Encryption Standard
EC_DESC=	Optimize NIST elliptic curves
GOST_DESC=	GOST (Russian standard)
HASHES_DESC=	Hash Function Support
I386_DESC=	i386 (instead of i486+)
IDEA_DESC=	International Data Encryption Algorithm
KTLS_DESC=	Kernel TLS offload
MAN3_DESC=	Install API manpages (section 3, 7)
MD2_DESC=	MD2 (obsolete)
MD4_DESC=	MD4 (unsafe)
MDC2_DESC=	MDC-2 (patented, requires DES)
NEXTPROTONEG_DESC=	Next Protocol Negotiation (SPDY)
OPTIMIZE_DESC=	Optimizations
PROTOCOLS_DESC=	Protocol Support
RC2_DESC=	RC2 (unsafe)
RC4_DESC=	RC4 (unsafe)
RC5_DESC=	RC5 (patented)
RFC3779_DESC=	RFC3779 support (BGP)
RMD160_DESC=	RIPEMD-160
SCTP_DESC=	SCTP (Stream Control Transmission)
SHARED_DESC=	Build shared libraries
SM2_DESC=	SM2 Elliptic Curve DH (Chinese standard)
SM3_DESC=	SM3 256bit (Chinese standard)
SM4_DESC=	SM4 128bit (Chinese standard)
SSE2_DESC=	Runtime SSE2 detection
SSL3_DESC=	SSLv3 (unsafe)
TLS1_DESC=	TLSv1.0 (requires TLS1_1, TLS1_2)
TLS1_1_DESC=	TLSv1.1 (requires TLS1_2)
TLS1_2_DESC=	TLSv1.2
WEAK-SSL-CIPHERS_DESC=	Weak cipher support (unsafe)
97
# Features upstream leaves disabled unless asked for: selecting the option
# passes "enable-<name>" to the config script. The loop variable is
# upper-cased (:tu) to form the option name, e.g. weak-ssl-ciphers becomes
# WEAK-SSL-CIPHERS_CONFIGURE_ON.
.for _option in \
	ktls md2 rc5 sctp ssl3 zlib weak-ssl-ciphers
${_option:tu}_CONFIGURE_ON=	enable-${_option}
.endfor

# Features upstream enables by default: deselecting the option passes
# "no-<name>" so the feature is compiled out.
.for _option in \
	aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \
	rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2
${_option:tu}_CONFIGURE_OFF=	no-${_option}
.endfor
108
# Option dependencies: selecting the left-hand option also selects the
# right-hand one. TLS1 therefore pulls in TLS1_1, which in turn pulls in
# TLS1_2.
MDC2_IMPLIES=	DES
TLS1_IMPLIES=	TLS1_1
TLS1_1_IMPLIES=	TLS1_2

# Per-option settings that do not follow the generic enable-/no- naming.
EC_CONFIGURE_ON=	enable-ec_nistp_64_gcc_128
I386_CONFIGURE_ON=	386
# KTLS applies an extra patch when on; MAN3 applies one when off.
KTLS_EXTRA_PATCHES=	${FILESDIR}/extra-patch-ktls
MAN3_EXTRA_PATCHES_OFF=	${FILESDIR}/extra-patch-util_process__docs.pl
SHARED_MAKE_ENV=	SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_PLIST_SUB=	SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_USE=		ldconfig=yes
# Appended to the "enable-ssl3" value assigned by the .for loop earlier in
# this file, so SSL3 passes both switches.
SSL3_CONFIGURE_ON+=	enable-ssl3-method
# Plain assignment: this replaces the "enable-zlib" value assigned by the
# .for loop earlier in this file.
ZLIB_CONFIGURE_ON=	zlib-dynamic

# Version tracking is restricted to the 1.1.1 series.
PORTSCOUT=		limit:^1\.1\.1
124
.include <bsd.port.pre.mk>

# Refuse to build with PREFIX=/usr so the port cannot be installed over the
# base system's OpenSSL.
.if ${PREFIX} == "/usr"
IGNORE=	the OpenSSL port can not be installed over the base version
.endif

# Configuration directory (passed to the config script as --openssldir).
# It is overridable; the packing list receives it with the leading
# "${PREFIX}/" stripped.
OPENSSLDIR?=	${PREFIX}/openssl
PLIST_SUB+=	OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==}

# NOTE(review): OPENSSL_SHLIBVER is not assigned in this file; presumably
# version.mk defines it -- confirm.
.include "version.mk"
134
# Adjust upstream build templates after the port's patches are applied.
# In unix-Makefile.tmpl:
#   - MANDIR is set to $(INSTALLTOP)/share/man,
#   - a trailing " install_html_docs" is removed from any line ending in it,
#   - $(LIBDIR)/pkgconfig becomes libdata/pkgconfig.
# In shared-info.pl the literal text "^GNU ld" is replaced by "GNU".
# NOTE(review): presumably that text is a regex used to detect the linker,
# and the edit loosens it to match any output containing "GNU" -- confirm
# against the upstream file.
post-patch:
	${REINPLACE_CMD} \
		-e 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/share/man|' \
		-e 's| install_html_docs$$||' \
		-e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \
		${WRKSRC}/Configurations/unix-Makefile.tmpl
	${REINPLACE_CMD} \
		-e 's|\^GNU ld|GNU|' \
		${WRKSRC}/Configurations/shared-info.pl
142
# After configure: replace upstream's shared-library version "1.1" with
# ${OPENSSL_SHLIBVER} in both the generated Makefile and the public header
# opensslv.h, so the two stay in agreement.
post-configure:
	${REINPLACE_CMD} \
		-e 's|SHLIB_VERSION_NUMBER=1.1|SHLIB_VERSION_NUMBER=${OPENSSL_SHLIBVER}|' \
		${WRKSRC}/Makefile
	${REINPLACE_CMD} \
		-e 's|SHLIB_VERSION_NUMBER "1.1"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \
		${WRKSRC}/include/openssl/opensslv.h
150
# Runs only when the SHARED option is selected.
# For libcrypto and libssl: copy the versioned shared object from the build
# tree into ${FAKE_DESTDIR}${PREFIX}/lib, strip it, and point the unversioned
# .so name at it. The capi and padlock engine modules under engines-1.1 are
# stripped in place.
post-install-SHARED-on:
.for lib in libcrypto libssl
	${INSTALL_DATA} ${WRKSRC}/${lib}.so.${OPENSSL_SHLIBVER} ${FAKE_DESTDIR}${PREFIX}/lib
	${STRIP_CMD} ${FAKE_DESTDIR}${PREFIX}/lib/${lib}.so.${OPENSSL_SHLIBVER}
	${LN} -sf ${lib}.so.${OPENSSL_SHLIBVER} ${FAKE_DESTDIR}${PREFIX}/lib/${lib}.so
.endfor
.for engine in capi padlock
	${STRIP_CMD} ${FAKE_DESTDIR}${PREFIX}/lib/engines-1.1/${engine}.so
.endfor
160
# Strip the openssl command-line binary and add a libssl.so.7 alias that
# points at libssl.so.
# NOTE(review): these paths use ${PREFIX} alone, while post-install-SHARED-on
# prefixes ${FAKE_DESTDIR}; confirm which root ${PREFIX} resolves to when this
# target runs, so the commands cannot touch the live system instead of the
# packaging area.
# NOTE(review): the alias is created even when SHARED is off, in which case
# libssl.so may not exist and the link would dangle -- confirm.
# NOTE(review): presumably libssl.so.7 is a compatibility name for programs
# linked against a different libssl; any such program resolving it here would
# run on this end-of-life 1.1.1 library. Confirm the alias is still needed
# and ABI-compatible.
post-install:
	${STRIP_CMD} ${PREFIX}/bin/openssl
	${LN} -sf libssl.so ${PREFIX}/lib/libssl.so.7
164
165.include <bsd.port.post.mk>
166