mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-16 22:13:01 +02:00
d0bd5afe1b
This patch will disable SSLv3 and SSLv2 by default but leaves the protocol compiled in into the library so that applications can use it when they still need it (e.g. sslscan).
131 lines
4.5 KiB
Plaintext
131 lines
4.5 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
VER = 1.0.1k
|
|
|
|
THISAPP = openssl-$(VER)
|
|
DL_FILE = $(THISAPP).tar.gz
|
|
DL_FROM = $(URL_IPFIRE)
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
|
|
|
ifeq "$(MACHINE)" "i586"
|
|
CONFIGURE_ARGS = linux-elf no-asm 386
|
|
endif
|
|
|
|
ifeq "$(MACHINE)" "armv5tel"
|
|
CONFIGURE_ARGS = linux-generic32
|
|
endif
|
|
|
|
CFLAGS += -DPURIFY
|
|
export RPM_OPT_FLAGS = $(CFLAGS)
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
objects = $(DL_FILE)
|
|
|
|
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
|
|
|
|
$(DL_FILE)_MD5 = d4f002bd22a56881340105028842ae1f
|
|
|
|
install : $(TARGET)
|
|
|
|
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
|
|
|
|
download :$(patsubst %,$(DIR_DL)/%,$(objects))
|
|
|
|
md5 : $(subst %,%_MD5,$(objects))
|
|
|
|
###############################################################################
|
|
# Downloading, checking, md5sum
|
|
###############################################################################
|
|
|
|
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
|
|
@$(CHECK)
|
|
|
|
$(patsubst %,$(DIR_DL)/%,$(objects)) :
|
|
@$(LOAD)
|
|
|
|
$(subst %,%_MD5,$(objects)) :
|
|
@$(MD5)
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
|
@$(PREBUILD)
|
|
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
|
|
|
|
cd $(DIR_APP) && find crypto/ -name Makefile -exec \
|
|
sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
|
|
|
|
cd $(DIR_APP) && ./Configure \
|
|
--prefix=/usr \
|
|
--openssldir=/etc/ssl \
|
|
--enginesdir=/usr/lib/openssl/engines \
|
|
shared \
|
|
zlib-dynamic \
|
|
enable-camellia \
|
|
enable-md2 \
|
|
enable-seed \
|
|
enable-tlsext \
|
|
enable-rfc3779 \
|
|
no-idea \
|
|
no-mdc2 \
|
|
no-rc5 \
|
|
no-srp \
|
|
$(CONFIGURE_ARGS) \
|
|
-DSSL_FORBID_ENULL \
|
|
-DHAVE_CRYPTODEV \
|
|
-DUSE_CRYPTODEV_DIGEST
|
|
|
|
cd $(DIR_APP) && make depend
|
|
cd $(DIR_APP) && make
|
|
|
|
# Install everything.
|
|
cd $(DIR_APP) && make install
|
|
install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
|
|
|
|
# Remove man pages.
|
|
-rm -vfr /etc/ssl/man
|
|
|
|
# Move engines to the right place.
|
|
-mkdir -pv /usr/lib/openssl
|
|
rm -vfr /usr/lib/openssl/engines
|
|
mv -v /usr/lib/engines /usr/lib/openssl
|
|
|
|
@rm -rf $(DIR_APP)
|
|
@$(POSTBUILD)
|