aboutsummaryrefslogtreecommitdiffstats
path: root/security/openscep
diff options
context:
space:
mode:
authorjylefort <jylefort@FreeBSD.org>2005-05-24 06:21:25 +0800
committerjylefort <jylefort@FreeBSD.org>2005-05-24 06:21:25 +0800
commit66a62657756c24dc66f5bf28ab34c6a9757f26a9 (patch)
tree96d68287912e9c37e25e172680382ad9077e1cdc /security/openscep
parent4917b31ccbe3fc9ac69c6700979322f62bdf969d (diff)
downloadfreebsd-ports-gnome-66a62657756c24dc66f5bf28ab34c6a9757f26a9.tar.gz
freebsd-ports-gnome-66a62657756c24dc66f5bf28ab34c6a9757f26a9.tar.zst
freebsd-ports-gnome-66a62657756c24dc66f5bf28ab34c6a9757f26a9.zip
Add openscep.
OpenSCEP is an open source implementation of the SCEP protocol used by Cisco routers for certificate enrollment to build VPNs. It implements most of the draft specification. OpenSCEP includes a client and a server implementation, as well as some CGI programs to simplify certificate and revocation list management. WWW: http://openscep.othello.ch/ PR: ports/81264 Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
Diffstat (limited to 'security/openscep')
-rw-r--r--security/openscep/Makefile73
-rw-r--r--security/openscep/distinfo2
-rw-r--r--security/openscep/files/patch-include_openscep_err.h36
-rw-r--r--security/openscep/files/patch-lib_Makefile.in37
-rw-r--r--security/openscep/files/patch-lib_decode.c10
-rw-r--r--security/openscep/files/patch-lib_http.c10
-rw-r--r--security/openscep/files/patch-lib_init.c22
-rw-r--r--security/openscep/files/patch-lib_isasu.c28
-rw-r--r--security/openscep/files/patch-lib_openscep__err.c139
-rw-r--r--security/openscep/files/patch-lib_payload.c28
-rw-r--r--security/openscep/files/patch-lib_sigattr.c35
-rw-r--r--security/openscep/files/patch-scepd_Makefile.in11
-rw-r--r--security/openscep/files/patch-scepd_dn2xid.c10
-rw-r--r--security/openscep/files/patch-scepd_sceplist.c32
-rw-r--r--security/openscep/files/pkg-deinstall.in9
-rw-r--r--security/openscep/files/pkg-install.in7
-rw-r--r--security/openscep/files/pkg-message.in14
-rw-r--r--security/openscep/pkg-descr8
-rw-r--r--security/openscep/pkg-plist73
19 files changed, 584 insertions, 0 deletions
diff --git a/security/openscep/Makefile b/security/openscep/Makefile
new file mode 100644
index 000000000000..02bbbbe71599
--- /dev/null
+++ b/security/openscep/Makefile
@@ -0,0 +1,73 @@
+# New ports collection makefile for: openscep
+# Date created: May 19 2005
+# Whom: Vsevolod Stakhov
+#
+# $FreeBSD$
+#
+
+PORTNAME= openscep
+PORTVERSION= 0.4.2
+CATEGORIES= security
+MASTER_SITES= http://openscep.othello.ch/download/
+
+MAINTAINER= vsevolod@highsecure.ru
+COMMENT= Open source scep server
+
+USE_REINPLACE= yes
+USE_OPENSSL= yes
+USE_OPENLDAP= yes
+USE_APACHE= yes
+USE_LIBTOOL_VER=15
+USE_GMAKE= yes
+
+CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
+ LIBS="-L${LOCALBASE}/lib"
+CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+CONFIGURE_ARGS= --with-html-install-dir="${PREFIX}/www/openscep" \
+ --with-cgi-install-dir="${PREFIX}/www/cgi-bin/openscep" \
+ --with-openscep-dir="${PREFIX}/etc/openscep" \
+ --with-pkiclientexe="${PREFIX}/www/cgi-bin/pkiclient.exe"
+
+MAKE_ENV= CPPFLAGS="-I${LOCALBASE}/include"
+
+CONF_DIR= ${PREFIX}/etc/${PORTNAME}
+CONF_FILES= openscep.cnf openscep.ldif openscep.schema slapd.conf
+
+SUB_FILES= pkg-deinstall pkg-install pkg-message
+SUB_LIST= CONF_DIR="${CONF_DIR}" CONF_FILES="${CONF_FILES}"
+
+MAN1= derdump.1 \
+ scep.1 \
+ scepclient.1 \
+ scepconf.1 \
+ sceplist.1 \
+ scepxid.1
+MAN5= openscep.cnf.5
+MAN8= cafingerprint.8 \
+ createcrl.8 \
+ crl2ldap.8 \
+ dn2xid.8 \
+ scepd.8 \
+ scepgrant.8 \
+ scepreject.8 \
+ updatecrl.8
+
+post-patch:
+ @${REINPLACE_CMD} -e '/^subdirs=/ s|libltdl||' ${WRKSRC}/configure
+ @${REINPLACE_CMD} -e '/^SUBDIRS =/ s|libltdl||' ${WRKSRC}/Makefile.in
+ @${REINPLACE_CMD} -e 's|^\(install-data-am:\) install-data-local$$|\1|' \
+ ${WRKSRC}/ldap/Makefile.in ${WRKSRC}/openssl/Makefile.in
+
+post-install:
+ ${MKDIR} ${CONF_DIR}
+ ${INSTALL_DATA} ${WRKSRC}/openssl/openscep.cnf ${CONF_DIR}/openscep.cnf.default
+.for f in openscep.ldif openscep.schema slapd.conf
+ ${INSTALL_DATA} ${WRKSRC}/ldap/${f} ${CONF_DIR}/${f}.default
+.endfor
+ ${CHOWN} www:www ${PREFIX}/www/cgi-bin/openscep/*
+ ${CHOWN} www:www ${PREFIX}/www/cgi-bin/pkiclient.exe
+ ${CHOWN} www:www ${PREFIX}/etc/openscep/*
+ @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/openscep/distinfo b/security/openscep/distinfo
new file mode 100644
index 000000000000..ce0b7f404da7
--- /dev/null
+++ b/security/openscep/distinfo
@@ -0,0 +1,2 @@
+MD5 (openscep-0.4.2.tar.gz) = 484123dd1f02cc98b1a81ecb1f95aa59
+Size (openscep-0.4.2.tar.gz) = 416294
diff --git a/security/openscep/files/patch-include_openscep_err.h b/security/openscep/files/patch-include_openscep_err.h
new file mode 100644
index 000000000000..6b003582d0f0
--- /dev/null
+++ b/security/openscep/files/patch-include_openscep_err.h
@@ -0,0 +1,36 @@
+--- include/openscep_err.h.orig Thu May 19 16:26:46 2005
++++ include/openscep_err.h Thu May 19 16:26:46 2005
+@@ -0,0 +1,33 @@
++#ifndef HEADER_OPENSCEP_ERR_H
++#define HEADER_OPENSCEP_ERR_H
++
++#if OPENSSL_VERSION_NUMBER < 0x00907000L
++/* ERR_unload_strings was added in 0.9.7. with older versions, it's
++ redefined as a no-op here so the auto-generated code in
++ openscep_err.c doesn't need to be changed. */
++#define ERR_unload_strings(A,B) do{}while(0)
++#endif
++
++/* BEGIN ERROR CODES */
++/* The following lines are auto generated by the script mkerr.pl. Any changes
++ * made after this point may be overwritten when the script is next run.
++ */
++void ERR_load_OPENSCEP_strings(void);
++void ERR_unload_OPENSCEP_strings(void);
++void ERR_OPENSCEP_error(int function, int reason, char *file, int line);
++#define OPENSCEPerr(f,r) ERR_OPENSCEP_error((f),(r),__FILE__,__LINE__)
++
++/* Error codes for the OPENSCEP functions. */
++
++/* Function codes. */
++#define OPENSCEP_F_D2I_ISSUER_AND_SUBJECT 100
++#define OPENSCEP_F_D2I_PAYLOAD 101
++#define OPENSCEP_F_ISSUER_AND_SUBJECT_NEW 102
++#define OPENSCEP_F_PAYLOAD_NEW 103
++
++/* Reason codes. */
++
++#ifdef __cplusplus
++}
++#endif
++#endif
diff --git a/security/openscep/files/patch-lib_Makefile.in b/security/openscep/files/patch-lib_Makefile.in
new file mode 100644
index 000000000000..e65904cf12a2
--- /dev/null
+++ b/security/openscep/files/patch-lib_Makefile.in
@@ -0,0 +1,37 @@
+--- lib/Makefile.in.orig Tue Feb 26 02:11:39 2002
++++ lib/Makefile.in Thu May 19 16:35:38 2005
+@@ -115,14 +115,13 @@
+
+ LDADD = libscep.la
+ LDFLAGS = -R$(libdir) $(LIBS)
+-CPPFLAGS = -DOPENSCEPDIR=\"$(OPENSCEPDIR)\"
++CPPFLAGS += -DOPENSCEPDIR=\"$(OPENSCEPDIR)\"
+
+ VERSION_FILE = openscep_vers.c
+
+ libscep_la_LDFLAGS = -version-info `../shtool version -d libtool $(VERSION_FILE)`
+
+-libscep_la_SOURCES = init.c isasu.c decode.c sigattr.c pkcsreq.c certrep.c getcertinitial.c getcert.c getcrl.c badreply.c attr.c goodreply.c encode.c check.c grant.c scepldap.c fingerprint.c openscep_vers.c selfsigned.c createreq.c http.c iser.c proxy.c payload.c v2request.c transcheck.c pending.c spki2file.c
+-
++libscep_la_SOURCES = init.c isasu.c decode.c sigattr.c pkcsreq.c certrep.c getcertinitial.c getcert.c getcrl.c badreply.c attr.c goodreply.c encode.c check.c grant.c scepldap.c fingerprint.c openscep_vers.c selfsigned.c createreq.c http.c iser.c proxy.c payload.c v2request.c transcheck.c pending.c spki2file.c openscep_err.c
+
+ INCLUDES = $(INCLTDL) -I$(top_srcdir)/include -I$(OPENSSLDIR)/include
+ mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+@@ -138,7 +137,8 @@
+ certrep.lo getcertinitial.lo getcert.lo getcrl.lo badreply.lo attr.lo \
+ goodreply.lo encode.lo check.lo grant.lo scepldap.lo fingerprint.lo \
+ openscep_vers.lo selfsigned.lo createreq.lo http.lo iser.lo proxy.lo \
+-payload.lo v2request.lo transcheck.lo pending.lo spki2file.lo
++payload.lo v2request.lo transcheck.lo pending.lo spki2file.lo \
++openscep_err.lo
+ CFLAGS = @CFLAGS@
+ COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+@@ -364,6 +364,7 @@
+ ../include/scep.h ../include/isasu.h ../include/payload.h \
+ ../include/transcheck.h ../include/pending.h \
+ ../include/goodreply.h ../include/badreply.h ../include/init.h
++openscep_err.lo openscep_err.o : openscep_err.c ../include/openscep_err.h
+
+ info-am:
+ info: info-am
diff --git a/security/openscep/files/patch-lib_decode.c b/security/openscep/files/patch-lib_decode.c
new file mode 100644
index 000000000000..e06c58fed984
--- /dev/null
+++ b/security/openscep/files/patch-lib_decode.c
@@ -0,0 +1,10 @@
+--- lib/decode.c.orig Tue Feb 26 02:01:06 2002
++++ lib/decode.c Thu May 19 16:23:01 2005
+@@ -58,6 +58,7 @@
+ __LINE__, (scep->client) ? "reply" : "request");
+
+ /* convert from base64 to internal representation */
++ BIO_set_mem_eof_return(bio, 0);
+ if (msg->base64) {
+ if (debug)
+ BIO_printf(bio_err, "%s:%d: prepending Base64 "
diff --git a/security/openscep/files/patch-lib_http.c b/security/openscep/files/patch-lib_http.c
new file mode 100644
index 000000000000..57cd8f999c36
--- /dev/null
+++ b/security/openscep/files/patch-lib_http.c
@@ -0,0 +1,10 @@
+--- lib/http.c.orig Thu May 19 16:37:26 2005
++++ lib/http.c Thu May 19 16:38:42 2005
+@@ -19,6 +19,7 @@
+ #include <string.h>
+ #include <openssl/err.h>
+ #include <arpa/inet.h>
++#include <netinet/in.h>
+
+ /*
+ * parse the url given in the second argument and fill in the h member
diff --git a/security/openscep/files/patch-lib_init.c b/security/openscep/files/patch-lib_init.c
new file mode 100644
index 000000000000..75bdd1330f11
--- /dev/null
+++ b/security/openscep/files/patch-lib_init.c
@@ -0,0 +1,22 @@
+--- lib/init.c.orig Wed Feb 20 02:40:06 2002
++++ lib/init.c Thu May 19 16:23:01 2005
+@@ -21,6 +21,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <openscep_err.h>
+
+ #define TMPPATH "/var/tmp/openscep"
+
+@@ -66,6 +67,11 @@
+ ERR_load_crypto_strings();
+ if (debug)
+ fprintf(stderr, "%s:%d: crypto strings loaded\n", __FILE__,
++ __LINE__);
++
++ ERR_load_OPENSCEP_strings();
++ if (debug)
++ fprintf(stderr, "%s:%d: openscep strings loaded\n", __FILE__,
+ __LINE__);
+
+ /* add the encryption algorithms available */
diff --git a/security/openscep/files/patch-lib_isasu.c b/security/openscep/files/patch-lib_isasu.c
new file mode 100644
index 000000000000..07f62ca1ed5d
--- /dev/null
+++ b/security/openscep/files/patch-lib_isasu.c
@@ -0,0 +1,28 @@
+--- lib/isasu.c.orig Wed Feb 20 02:40:06 2002
++++ lib/isasu.c Thu May 19 16:23:01 2005
+@@ -12,6 +12,7 @@
+ #include <init.h>
+ #include <unistd.h>
+ #include <fcntl.h>
++#include <openscep_err.h>
+
+ /*
+ * the methods in this file are based on the similar functions for the
+@@ -40,7 +41,7 @@
+ M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME);
+ M_ASN1_D2I_get(ret->subject, d2i_X509_NAME);
+ M_ASN1_D2I_Finish(a,issuer_and_subject_free,
+- ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL);
++ OPENSCEP_F_D2I_ISSUER_AND_SUBJECT);
+ }
+
+ issuer_and_subject_t *issuer_and_subject_new(void) {
+@@ -50,7 +51,7 @@
+ M_ASN1_New(ret->issuer, X509_NAME_new);
+ M_ASN1_New(ret->subject, X509_NAME_new);
+ return ret;
+- M_ASN1_New_Error(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW); /* wrong error code */
++ M_ASN1_New_Error(OPENSCEP_F_ISSUER_AND_SUBJECT_NEW);
+ }
+
+ void issuer_and_subject_free(issuer_and_subject_t *isasu) {
diff --git a/security/openscep/files/patch-lib_openscep__err.c b/security/openscep/files/patch-lib_openscep__err.c
new file mode 100644
index 000000000000..a0ea6b031416
--- /dev/null
+++ b/security/openscep/files/patch-lib_openscep__err.c
@@ -0,0 +1,139 @@
+--- lib/openscep_err.c.orig Thu May 19 16:26:46 2005
++++ lib/openscep_err.c Thu May 19 16:26:46 2005
+@@ -0,0 +1,136 @@
++/* openscep_err.c */
++/* ====================================================================
++ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++/* NOTE: this file was auto generated by the mkerr.pl script: any changes
++ * made to it will be overwritten when the script next updates this file,
++ * only reason strings will be preserved.
++ */
++
++#include <stdio.h>
++#include <openssl/err.h>
++#include "openscep_err.h"
++
++/* BEGIN ERROR CODES */
++#ifndef OPENSSL_NO_ERR
++static ERR_STRING_DATA OPENSCEP_str_functs[]=
++ {
++{ERR_PACK(0,OPENSCEP_F_D2I_ISSUER_AND_SUBJECT,0), "D2I_ISSUER_AND_SUBJECT"},
++{ERR_PACK(0,OPENSCEP_F_D2I_PAYLOAD,0), "D2I_PAYLOAD"},
++{ERR_PACK(0,OPENSCEP_F_ISSUER_AND_SUBJECT_NEW,0), "ISSUER_AND_SUBJECT_NEW"},
++{ERR_PACK(0,OPENSCEP_F_PAYLOAD_NEW,0), "PAYLOAD_NEW"},
++{0,NULL}
++ };
++
++static ERR_STRING_DATA OPENSCEP_str_reasons[]=
++ {
++{0,NULL}
++ };
++
++#endif
++
++#ifdef OPENSCEP_LIB_NAME
++static ERR_STRING_DATA OPENSCEP_lib_name[]=
++ {
++{0 ,OPENSCEP_LIB_NAME},
++{0,NULL}
++ };
++#endif
++
++
++static int OPENSCEP_lib_error_code=0;
++static int OPENSCEP_error_init=1;
++
++void ERR_load_OPENSCEP_strings(void)
++ {
++ if (OPENSCEP_lib_error_code == 0)
++ OPENSCEP_lib_error_code=ERR_get_next_error_library();
++
++ if (OPENSCEP_error_init)
++ {
++ OPENSCEP_error_init=0;
++#ifndef OPENSSL_NO_ERR
++ ERR_load_strings(OPENSCEP_lib_error_code,OPENSCEP_str_functs);
++ ERR_load_strings(OPENSCEP_lib_error_code,OPENSCEP_str_reasons);
++#endif
++
++#ifdef OPENSCEP_LIB_NAME
++ OPENSCEP_lib_name->error = ERR_PACK(OPENSCEP_lib_error_code,0,0);
++ ERR_load_strings(0,OPENSCEP_lib_name);
++#endif
++ }
++ }
++
++void ERR_unload_OPENSCEP_strings(void)
++ {
++ if (OPENSCEP_error_init == 0)
++ {
++#ifndef OPENSSL_NO_ERR
++ ERR_unload_strings(OPENSCEP_lib_error_code,OPENSCEP_str_functs);
++ ERR_unload_strings(OPENSCEP_lib_error_code,OPENSCEP_str_reasons);
++#endif
++
++#ifdef OPENSCEP_LIB_NAME
++ ERR_unload_strings(0,OPENSCEP_lib_name);
++#endif
++ OPENSCEP_error_init=1;
++ }
++ }
++
++void ERR_OPENSCEP_error(int function, int reason, char *file, int line)
++ {
++ if (OPENSCEP_lib_error_code == 0)
++ OPENSCEP_lib_error_code=ERR_get_next_error_library();
++ ERR_PUT_error(OPENSCEP_lib_error_code,function,reason,file,line);
++ }
diff --git a/security/openscep/files/patch-lib_payload.c b/security/openscep/files/patch-lib_payload.c
new file mode 100644
index 000000000000..fe73e22a1dc5
--- /dev/null
+++ b/security/openscep/files/patch-lib_payload.c
@@ -0,0 +1,28 @@
+--- lib/payload.c.orig Mon Feb 25 00:40:01 2002
++++ lib/payload.c Thu May 19 16:26:46 2005
+@@ -16,6 +16,7 @@
+ #include <missl.h>
+ #include <scepldap.h>
+ #include <fcntl.h>
++#include <openscep_err.h>
+
+ /*
+ * payload_build_original convert the original request into a bit string
+@@ -68,7 +69,7 @@
+ p->rt = -1;
+ p->od.req = NULL;
+ return p;
+- M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW); /* wrong error code */
++ M_ASN1_New_Error(OPENSCEP_F_PAYLOAD_NEW);
+ }
+
+ void payload_free(payload_t *a) {
+@@ -171,7 +172,7 @@
+ ret->od.spki = d2i_NETSCAPE_SPKI(&r2, &u, l);
+ break;
+ }
+- M_ASN1_D2I_Finish(a, payload_free, ASN1_F_D2I_X509_REQ_INFO);
++ M_ASN1_D2I_Finish(a, payload_free, OPENSCEP_F_D2I_PAYLOAD);
+ }
+
+ /*
diff --git a/security/openscep/files/patch-lib_sigattr.c b/security/openscep/files/patch-lib_sigattr.c
new file mode 100644
index 000000000000..f90f9afc4600
--- /dev/null
+++ b/security/openscep/files/patch-lib_sigattr.c
@@ -0,0 +1,35 @@
+--- lib/sigattr.c.orig Wed Feb 20 02:40:06 2002
++++ lib/sigattr.c Thu May 19 16:26:46 2005
+@@ -8,6 +8,7 @@
+ #include <sigattr.h>
+ #include <init.h>
+ #include <openssl/err.h>
++#include <openssl/opensslv.h>
+
+ /*
+ * read an attribute of type string
+@@ -120,6 +121,7 @@
+ X509_ATTRIBUTE *attr;
+ int i;
+ scepmsg_t *msg;
++ int single;
+
+ if (debug)
+ BIO_printf(bio_err, "%s:%d: looking for attribute '%s'\n",
+@@ -146,8 +148,14 @@
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sig_attribs); i++) {
+ attr = sk_X509_ATTRIBUTE_value(sig_attribs, i);
+ if (OBJ_cmp(attr->object, asn1_obj) == 0) {
+- if ((!attr->set) || (sk_ASN1_TYPE_num(attr->value.set)
+- == 0)) {
++#if OPENSSL_VERSION_NUMBER < 0x00907000L
++ /* attr->set was replaced with attr->single (with opposite
++ meaning) somewhere between 0.9.6m-engine and 0.9.7d */
++ single = !attr->set;
++#else
++ single = attr->single;
++#endif
++ if (single || (sk_ASN1_TYPE_num(attr->value.set) == 0)) {
+ BIO_printf(bio_err, "%s:%d: attr has no val\n",
+ __FILE__, __LINE__);
+ goto err;
diff --git a/security/openscep/files/patch-scepd_Makefile.in b/security/openscep/files/patch-scepd_Makefile.in
new file mode 100644
index 000000000000..975147e37e41
--- /dev/null
+++ b/security/openscep/files/patch-scepd_Makefile.in
@@ -0,0 +1,11 @@
+--- scepd/Makefile.in.orig Thu May 19 16:41:14 2005
++++ scepd/Makefile.in Thu May 19 16:41:26 2005
+@@ -132,7 +132,7 @@
+ LDADD = ../lib/libscep.la
+ LDFLAGS = -R$(libdir)
+
+-CPPFLAGS = -DOPENSCEPDIR=\"$(OPENSCEPDIR)\"
++CPPFLAGS += -DOPENSCEPDIR=\"$(OPENSCEPDIR)\"
+
+ INCLUDES = $(INCLTDL) -I$(top_srcdir)/include -I$(OPENSSLDIR)/include
+ mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
diff --git a/security/openscep/files/patch-scepd_dn2xid.c b/security/openscep/files/patch-scepd_dn2xid.c
new file mode 100644
index 000000000000..13b79fec6b1c
--- /dev/null
+++ b/security/openscep/files/patch-scepd_dn2xid.c
@@ -0,0 +1,10 @@
+--- scepd/dn2xid.c.orig Mon Mar 26 14:36:47 2001
++++ scepd/dn2xid.c Thu May 19 16:26:46 2005
+@@ -11,6 +11,7 @@
+ #include <ldap.h>
+ #include <unistd.h>
+ #include <openssl/bio.h>
++#include <openssl/evp.h>
+ #include <openssl/x509.h>
+ #include <openssl/err.h>
+ #include <fingerprint.h>
diff --git a/security/openscep/files/patch-scepd_sceplist.c b/security/openscep/files/patch-scepd_sceplist.c
new file mode 100644
index 000000000000..6fff4ae7bd07
--- /dev/null
+++ b/security/openscep/files/patch-scepd_sceplist.c
@@ -0,0 +1,32 @@
+--- scepd/sceplist.c.orig Thu May 19 16:59:02 2005
++++ scepd/sceplist.c Thu May 19 17:02:22 2005
+@@ -96,7 +96,6 @@
+ /*
+ * convert ASN1 time string to a struct tm
+ */
+-extern time_t timezone; /* compiler does not like it inside func */
+ #ifdef HAVE_ALTZONE
+ extern time_t altzone;
+ #endif /* HAVE_ALTZONE */
+@@ -124,19 +123,15 @@
+ rtm.tm_year = atoi(work);
+ if (rtm.tm_year < 70)
+ rtm.tm_year += 100;
++ rtm.tm_zone = 0;
+
+- /* set the time zone to GMT, as mktime uses the local time zone */
+- timezone = 0;
+ #ifdef HAVE_ALTZONE
+ altzone = 0;
+ #endif /* HAVE_ALTZONE */
+
+ /* use mktime to normalize the structure and t convert to a */
+ /* time_t value */
+- rt = mktime(&rtm);
+-
+- /* reset the time zone to local settings */
+- tzset();
++ rt = timegm(&rtm);
+
+ return rt;
+ }
diff --git a/security/openscep/files/pkg-deinstall.in b/security/openscep/files/pkg-deinstall.in
new file mode 100644
index 000000000000..19c51b8a3ad8
--- /dev/null
+++ b/security/openscep/files/pkg-deinstall.in
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+[ "$2" != "DEINSTALL" ] && exit 0
+
+for f in %%CONF_FILES%%; do
+ if cmp -s "%%CONF_DIR%%/$f" "%%CONF_DIR%%/$f.default"; then
+ rm -f "%%CONF_DIR%%/$f"
+ fi
+done
diff --git a/security/openscep/files/pkg-install.in b/security/openscep/files/pkg-install.in
new file mode 100644
index 000000000000..585a18d73eba
--- /dev/null
+++ b/security/openscep/files/pkg-install.in
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+[ "$2" != "POST-INSTALL" ] && exit 0
+
+for f in %%CONF_FILES%%; do
+ [ -f "%%CONF_DIR%%/$f" ] || cp -p "%%CONF_DIR%%/$f.default" "%%CONF_DIR%%/$f"
+done
diff --git a/security/openscep/files/pkg-message.in b/security/openscep/files/pkg-message.in
new file mode 100644
index 000000000000..83a5e542d1c6
--- /dev/null
+++ b/security/openscep/files/pkg-message.in
@@ -0,0 +1,14 @@
+======================================================================
+You now need to add an alias to apache's httpd.conf pointing to
+%%PREFIX%%/www/openscep in order to access openscep from
+your web browser, or create a VirtualHost with DocumentRoot set
+to that directory.
+
+You should also include %%PREFIX%%/etc/openscep/openscep.schema
+into your slapd config (sample of this is at
+%%PREFIX%%/etc/openscep/slapd.conf).
+
+Furthermore, you should add your ldap directory information from
+%%PREFIX%%/etc/openscep/openscep.ldif and edit DN specific information
+there before doing ldapadd.
+======================================================================
diff --git a/security/openscep/pkg-descr b/security/openscep/pkg-descr
new file mode 100644
index 000000000000..dfd57c161d24
--- /dev/null
+++ b/security/openscep/pkg-descr
@@ -0,0 +1,8 @@
+OpenSCEP is an open source implementation of the SCEP protocol used by Cisco
+routers for certificate enrollment to build VPNs. It implements most of the
+draft specification.
+
+OpenSCEP includes a client and a server implementation, as well as some CGI
+programs to simplify certificate and revocation list management.
+
+WWW: http://openscep.othello.ch/
diff --git a/security/openscep/pkg-plist b/security/openscep/pkg-plist
new file mode 100644
index 000000000000..900f117f0874
--- /dev/null
+++ b/security/openscep/pkg-plist
@@ -0,0 +1,73 @@
+bin/derdump
+bin/scep
+bin/scepclient
+bin/scepconf
+bin/scepkey
+bin/sceplist
+bin/scepxid
+etc/openscep/openscep.cnf.default
+etc/openscep/openscep.ldif.default
+etc/openscep/openscep.schema.default
+etc/openscep/slapd.conf.default
+lib/libscep.a
+lib/libscep.so
+lib/libscep.so.4
+sbin/cafingerprint
+sbin/createcrl
+sbin/crl2ldap
+sbin/dn2xid
+sbin/openscepsetup
+sbin/scepd
+sbin/scepgrant
+sbin/scepreject
+sbin/updatecrl
+www/cgi-bin/openscep/add.pl
+www/cgi-bin/openscep/crl.pl
+www/cgi-bin/openscep/granted.pl
+www/cgi-bin/openscep/log.pl
+www/cgi-bin/openscep/pending.pl
+www/cgi-bin/openscep/rejected.pl
+www/cgi-bin/openscep/revoked.pl
+www/cgi-bin/pkiclient.exe
+www/openscep/COPYING
+www/openscep/ChangeLog
+www/openscep/INSTALL
+www/openscep/NEWS
+www/openscep/README
+www/openscep/SETUP
+www/openscep/TODO
+www/openscep/add.gif
+www/openscep/cafingerprint.8.html
+www/openscep/contents.html
+www/openscep/createcrl.8.html
+www/openscep/crl.gif
+www/openscep/crl2ldap.8.html
+www/openscep/derdump.1.html
+www/openscep/dn2xid.8.html
+www/openscep/draft-nourse-scep-05.txt
+www/openscep/granted.gif
+www/openscep/help.gif
+www/openscep/help.html
+www/openscep/index.html
+www/openscep/log.gif
+www/openscep/openscep.cnf.5.html
+www/openscep/openscep.gif
+www/openscep/openscep.png
+www/openscep/rejected.gif
+www/openscep/requests.gif
+www/openscep/revocation.html
+www/openscep/revoked.gif
+www/openscep/scep.1.html
+www/openscep/scepclient.1.html
+www/openscep/scepconf.1.html
+www/openscep/scepd.8.html
+www/openscep/scepgrant.8.html
+www/openscep/sceplist.1.html
+www/openscep/scepreject.8.html
+www/openscep/scepxid.1.html
+www/openscep/title.html
+www/openscep/updatecrl.8.html
+www/openscep/welcome.html
+@dirrm www/cgi-bin/openscep
+@dirrm www/openscep
+@unexec rmdir %D/etc/openscep 2>/dev/null || true