diff options
Diffstat (limited to 'security/hitch')
| -rw-r--r-- | security/hitch/Makefile | 6 | ||||
| -rw-r--r-- | security/hitch/distinfo | 4 | ||||
| -rw-r--r-- | security/hitch/files/hitch.in | 2 | ||||
| -rw-r--r-- | security/hitch/files/patch-buildfixes | 186 | ||||
| -rw-r--r-- | security/hitch/pkg-plist | 5 |
5 files changed, 195 insertions, 8 deletions
diff --git a/security/hitch/Makefile b/security/hitch/Makefile index 86afef6e0e81..d85c73bdabb4 100644 --- a/security/hitch/Makefile +++ b/security/hitch/Makefile @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= hitch +PORTVERSION= 1.1.0 DISTVERSIONPREFIX= ${PORTNAME}- -DISTVERSION= 1.0.0-beta1 CATEGORIES= security MAINTAINER= zi@FreeBSD.org @@ -11,6 +11,7 @@ COMMENT= TLS proxy to forward connections to an unencrypted backend LICENSE= BSD2CLAUSE +BUILD_DEPENDS= rst2man:textproc/py-docutils LIB_DEPENDS= libev.so:${PORTSDIR}/devel/libev USERS= nobody @@ -26,9 +27,6 @@ LDFLAGS+= -L${LOCALBASE}/lib USE_GITHUB= yes GH_ACCOUNT= varnish -post-patch: - ${REINPLACE_CMD} 's|stud|${PORTNAME}|g' ${WRKSRC}/*.* ${WRKSRC}/src/* - post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/etc ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc/ diff --git a/security/hitch/distinfo b/security/hitch/distinfo index 685204ce7469..f81ca5fe9af7 100644 --- a/security/hitch/distinfo +++ b/security/hitch/distinfo @@ -1,2 +1,2 @@ -SHA256 (varnish-hitch-hitch-1.0.0-beta1_GH0.tar.gz) = 9214f748a28a2ac726197ad74720889dcba345fecf0369259df7769e3a734d3d -SIZE (varnish-hitch-hitch-1.0.0-beta1_GH0.tar.gz) = 48476 +SHA256 (varnish-hitch-hitch-1.1.0_GH0.tar.gz) = 5cfafd19fb81f323677b142044c8b825627c3b4994cb9b545dc4e292f64a4d0b +SIZE (varnish-hitch-hitch-1.1.0_GH0.tar.gz) = 79116 diff --git a/security/hitch/files/hitch.in b/security/hitch/files/hitch.in index 2333a79851c8..8b6d472ad8d3 100644 --- a/security/hitch/files/hitch.in +++ b/security/hitch/files/hitch.in @@ -31,7 +31,7 @@ load_rc_config $name : ${hitch_enable="NO"} : ${hitch_config="%%PREFIX%%/etc/hitch.conf"} -command="%%PREFIX%%/sbin/hitch-openssl" +command="%%PREFIX%%/sbin/hitch" command_args="--daemon -u nobody -g nobody -s --config=${hitch_config}" required_files=${hitch_config} diff --git a/security/hitch/files/patch-buildfixes b/security/hitch/files/patch-buildfixes new file mode 100644 index 000000000000..181d73af821e --- /dev/null +++ b/security/hitch/files/patch-buildfixes @@ -0,0 +1,186 @@ +\ No newline at end of file +diff -urN Makefile.am Makefile.am +--- Makefile.am 2015-11-20 08:25:04.000000000 -0500 ++++ Makefile.am 2016-01-08 06:03:09.000000000 -0500 +@@ -2,7 +2,7 @@ + SUBDIRS = src + + hitch.8: hitch.man.rst +- rst2man --halt=2 $< $@ ++ rst2man --halt=2 hitch.man.rst $@ + + doc_DATA = hitch.conf.ex CHANGES.rst README.md + +diff -urN bootstrap bootstrap +--- bootstrap 2015-11-20 08:25:04.000000000 -0500 ++++ bootstrap 2016-01-08 06:03:09.000000000 -0500 +@@ -1,4 +1,4 @@ +-#!/bin/bash -x ++#!/bin/sh -x + set -o errexit + aclocal + autoconf +diff -urN configure.ac configure.ac +--- configure.ac 2015-11-20 08:25:04.000000000 -0500 ++++ configure.ac 2016-01-08 06:03:09.000000000 -0500 +@@ -2,7 +2,7 @@ + # Process this file with autoconf to produce a configure script. + + AC_PREREQ([2.59]) +-AC_INIT([hitch], [1.1.0], [support@varnish-software.com]) ++AC_INIT([hitch], [1.1.1dev], [support@varnish-software.com]) + AC_CONFIG_SRCDIR([src/configuration.c]) + AC_CONFIG_HEADERS([config.h]) + +diff -urN hitch.conf.ex hitch.conf.ex +--- hitch.conf.ex 2015-11-20 08:25:04.000000000 -0500 ++++ hitch.conf.ex 2016-01-08 06:03:09.000000000 -0500 +@@ -32,7 +32,7 @@ + # + # Run openssl ciphers for list of available ciphers. + # type: string +-ciphers = "" ++ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" + + # Enforce server cipher list order + # +diff -urN src/configuration.c src/configuration.c +--- src/configuration.c 2015-11-20 08:25:04.000000000 -0500 ++++ src/configuration.c 2016-01-08 06:03:09.000000000 -0500 +@@ -13,7 +13,6 @@ + #include <ctype.h> + #include <unistd.h> + #include <getopt.h> +-#include <libgen.h> + #include <sys/types.h> + #include <pwd.h> + #include <grp.h> +@@ -904,8 +903,13 @@ + } + + void +-config_print_usage_fd(char *prog, hitch_config *cfg, FILE *out) ++config_print_usage_fd(char *prog, FILE *out) + { ++ hitch_config *cfg; ++ ++ cfg = config_new(); ++ AN(cfg); ++ + if (out == NULL) + out = stderr; + fprintf(out, "Usage: %s [OPTIONS] PEM\n\n", basename(prog)); +@@ -991,12 +995,14 @@ + fprintf(out, " -p --pidfile=FILE PID file\n"); + fprintf(out, " -V --version Print program version and exit\n"); + fprintf(out, " -h --help This help message\n"); ++ ++ config_destroy(cfg); + } + + void +-config_print_usage(char *prog, hitch_config *cfg) ++config_print_usage(char *prog) + { +- config_print_usage_fd(prog, cfg, stdout); ++ config_print_usage_fd(prog, stdout); + } + + int +@@ -1050,7 +1056,7 @@ + }; + + if (argc == 1) { +- config_print_usage(argv[0], cfg); ++ config_print_usage(argv[0]); + *retval = 0; + return (1); + } +@@ -1142,7 +1148,7 @@ + return (1); + break; + case 'h': +- config_print_usage(argv[0], cfg); ++ config_print_usage(argv[0]); + *retval = 0; + return (1); + break; +diff -urN src/hitch.c src/hitch.c +--- src/hitch.c 2015-11-20 08:25:04.000000000 -0500 ++++ src/hitch.c 2016-01-08 06:03:09.000000000 -0500 +@@ -37,6 +37,7 @@ + + #include "config.h" + ++#include <libgen.h> + #include <sys/types.h> + #include <sys/ioctl.h> + #include <sys/socket.h> +diff -urN src/tests/test08-test-configs src/tests/test08-test-configs +--- src/tests/test08-test-configs 2015-11-20 08:25:04.000000000 -0500 ++++ src/tests/test08-test-configs 2016-01-08 06:03:09.000000000 -0500 +@@ -18,3 +18,10 @@ + $HITCH --test --config=configs/test08d.cfg certs/default.example.com 2>/dev/null 1>&2 + test "$?" = "0" || die "Valid config test08d.cfg unparseable?" + ++# Issue #52. ++$HITCH --config=configs/default.cfg --help 2>/dev/null 1>&2 ++test "$?" = "0" || die "--help after --config does not work as expected." ++ ++# Works as expected. ++$HITCH --test --config=configs/default.cfg 2>/dev/null 1>&2 ++test "$?" = "1" || die "--help with --config does not work as expected." +diff -urN src/tests/test10-dflt-certs src/tests/test10-dflt-certs +--- src/tests/test10-dflt-certs 1969-12-31 19:00:00.000000000 -0500 ++++ src/tests/test10-dflt-certs 2016-01-08 06:03:09.000000000 -0500 +@@ -0,0 +1,50 @@ ++#/bin/bash ++# ++# ++# ++. common.sh ++set +o errexit ++ ++PORT1=$(($RANDOM + 1024)) ++PORT2=$(($RANDOM + 1024)) ++PORT3=$(($RANDOM + 1024)) ++PORT4=$(($RANDOM + 1024)) ++ ++$HITCH $HITCH_ARGS --backend=[hitch-tls.org]:80 \ ++ --frontend=[${LISTENADDR}]:$PORT1+certs/site1.example.com \ ++ --frontend=[${LISTENADDR}]:$PORT2+certs/site2.example.com \ ++ --frontend=[${LISTENADDR}]:$PORT3+certs/site3.example.com \ ++ --frontend=[${LISTENADDR}]:$PORT4 \ ++ certs/default.example.com ++ ++test "$?" = "0" || die "Hitch did not start." ++ ++# :PORT1 without SNI ++echo | openssl s_client -prexit -connect $LISTENADDR:$PORT1 2>/dev/null > $DUMPFILE ++test "$?" = "0" || die "s_client failed" ++grep -q -c "subject=/CN=site1.example.com" $DUMPFILE ++test "$?" = "0" || die "s_client got wrong certificate on listen port #1" ++ ++# :PORT1 w/ SNI ++echo | openssl s_client -servername site1.example.com -prexit -connect $LISTENADDR:$PORT1 2>/dev/null > $DUMPFILE ++test "$?" = "0" || die "s_client failed" ++grep -q -c "subject=/CN=site1.example.com" $DUMPFILE ++test "$?" = "0" || die "s_client got wrong certificate in listen port #2" ++ ++# :PORT1 w/ different matching SNI name ++echo | openssl s_client -servername site3.example.com -prexit -connect $LISTENADDR:$PORT1 2>/dev/null > $DUMPFILE ++test "$?" = "0" || die "s_client failed" ++grep -q -c "subject=/CN=site3.example.com" $DUMPFILE ++test "$?" = "0" || die "s_client got wrong certificate in listen port #2" ++ ++# :PORT2 no SNI ++echo | openssl s_client -prexit -connect $LISTENADDR:$PORT2 > $DUMPFILE 2>&1 ++test "$?" = "0" || die "s_client failed" ++grep -q -c "subject=/CN=site2.example.com" $DUMPFILE ++test "$?" = "0" || die "s_client got wrong certificate in listen port #2" ++ ++# :PORT4 SNI w/ unknown servername ++echo | openssl s_client -servername invalid.example.com -prexit -connect $LISTENADDR:$PORT4 > $DUMPFILE 2>&1 ++test "$?" = "0" || die "s_client failed" ++grep -q -c "subject=/CN=default.example.com" $DUMPFILE ++test "$?" = "0" || die "s_client got wrong certificate in listen port #2" diff --git a/security/hitch/pkg-plist b/security/hitch/pkg-plist index f06464e7bfdc..fcead5737fd3 100644 --- a/security/hitch/pkg-plist +++ b/security/hitch/pkg-plist @@ -1,3 +1,6 @@ man/man8/hitch.8.gz -sbin/hitch-openssl +sbin/hitch +%%PORTDOCS%%%%DOCSDIR%%/CHANGES.rst +%%PORTDOCS%%%%DOCSDIR%%/README.md +%%PORTDOCS%%%%DOCSDIR%%/hitch.conf.ex @sample etc/hitch.conf.sample |