Date: Tuesday, March 21, 2017 @ 23:01:35 Author: jgc Revision: 218236
archrelease: copy trunk to community-staging-i686 Added: sslsplit/repos/community-staging-i686/ sslsplit/repos/community-staging-i686/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch (from rev 218235, sslsplit/trunk/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch) sslsplit/repos/community-staging-i686/PKGBUILD (from rev 218235, sslsplit/trunk/PKGBUILD) -----------------------------------------------------------------+ 0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch | 510 ++++++++++ PKGBUILD | 42 2 files changed, 552 insertions(+) Copied: sslsplit/repos/community-staging-i686/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch (from rev 218235, sslsplit/trunk/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch) =================================================================== --- community-staging-i686/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch (rev 0) +++ community-staging-i686/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch 2017-03-21 23:01:35 UTC (rev 218236) @@ -0,0 +1,510 @@ +From: Hilko Bengen <ben...@debian.org> +Date: Tue, 8 Nov 2016 00:30:42 +0100 +Subject: Add fixes for OpenSSL 1.1 while retaining 1.0 compatibility + +--- + cachedsess.t.c | 4 ++ + cachefkcrt.t.c | 4 ++ + cachemgr.h | 21 ++++++---- + cachessess.t.c | 24 ++++++++++-- + extra/pki/GNUmakefile | 4 +- + ssl.c | 105 +++++++++++++++++++++++++++++++++++--------------- + ssl.t.c | 11 ++++-- + 7 files changed, 125 insertions(+), 48 deletions(-) + +diff --git a/cachedsess.t.c b/cachedsess.t.c +index 7daa472..49fb9e0 100644 +--- a/cachedsess.t.c ++++ b/cachedsess.t.c +@@ -120,6 +120,7 @@ START_TEST(cache_dsess_03) + } + END_TEST + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + START_TEST(cache_dsess_04) + { + SSL_SESSION *s1, *s2; +@@ -145,6 +146,7 @@ START_TEST(cache_dsess_04) + SSL_SESSION_free(s2); + } + END_TEST ++#endif + + Suite * + cachedsess_suite(void) +@@ -159,7 +161,9 @@ cachedsess_suite(void) + tcase_add_test(tc, cache_dsess_01); + tcase_add_test(tc, cache_dsess_02); + tcase_add_test(tc, cache_dsess_03); ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + tcase_add_test(tc, cache_dsess_04); ++#endif + suite_add_tcase(s, tc); + + return s; +diff --git a/cachefkcrt.t.c b/cachefkcrt.t.c +index db5e365..d79fb77 100644 +--- a/cachefkcrt.t.c ++++ b/cachefkcrt.t.c +@@ -89,6 +89,7 @@ START_TEST(cache_fkcrt_03) + } + END_TEST + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + START_TEST(cache_fkcrt_04) + { + X509 *c1, *c2; +@@ -116,6 +117,7 @@ START_TEST(cache_fkcrt_04) + fail_unless(cachemgr_preinit() != -1, "reinit"); + } + END_TEST ++#endif + + Suite * + cachefkcrt_suite(void) +@@ -130,7 +132,9 @@ cachefkcrt_suite(void) + tcase_add_test(tc, cache_fkcrt_01); + tcase_add_test(tc, cache_fkcrt_02); + tcase_add_test(tc, cache_fkcrt_03); ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + tcase_add_test(tc, cache_fkcrt_04); ++#endif + suite_add_tcase(s, tc); + + return s; +diff --git a/cachemgr.h b/cachemgr.h +index 8ec7306..2a0fb0e 100644 +--- a/cachemgr.h ++++ b/cachemgr.h +@@ -61,15 +61,20 @@ void cachemgr_gc(void); + #define cachemgr_ssess_get(key, keysz) \ + cache_get(cachemgr_ssess, cachessess_mkkey((key), (keysz))) + #define cachemgr_ssess_set(val) \ +- cache_set(cachemgr_ssess, \ +- cachessess_mkkey((val)->session_id, \ +- (val)->session_id_length), \ +- cachessess_mkval(val)) ++ { \ ++ unsigned int len; \ ++ const unsigned char* id = SSL_SESSION_get_id(val, &len); \ ++ cache_set(cachemgr_ssess, \ ++ cachessess_mkkey(id, len), \ ++ cachessess_mkval(val)); \ ++ } + #define cachemgr_ssess_del(val) \ +- cache_del(cachemgr_ssess, \ +- cachessess_mkkey((val)->session_id, \ +- (val)->session_id_length)) +- ++ { \ ++ unsigned int len; \ ++ const unsigned char* id = SSL_SESSION_get_id(val, &len); \ ++ cache_del(cachemgr_ssess, \ ++ cachessess_mkkey(id, len)); \ ++ } + #define cachemgr_dsess_get(addr, addrlen, sni) \ + cache_get(cachemgr_dsess, cachedsess_mkkey((addr), (addrlen), (sni))) + #define cachemgr_dsess_set(addr, addrlen, sni, val) \ +diff --git a/cachessess.t.c b/cachessess.t.c +index 8da5287..b23b661 100644 +--- a/cachessess.t.c ++++ b/cachessess.t.c +@@ -68,13 +68,16 @@ cachemgr_teardown(void) + START_TEST(cache_ssess_01) + { + SSL_SESSION *s1, *s2; ++ char* session_id; ++ unsigned int len; + + s1 = ssl_session_from_file(TMP_SESS_FILE); + fail_unless(!!s1, "creating session failed"); + fail_unless(ssl_session_is_valid(s1), "session invalid"); + + cachemgr_ssess_set(s1); +- s2 = cachemgr_ssess_get(s1->session_id, s1->session_id_length); ++ session_id = SSL_SESSION_get_id(s1, &len); ++ s2 = cachemgr_ssess_get(session_id, len); + fail_unless(!!s2, "cache returned no session"); + fail_unless(s2 != s1, "cache returned same pointer"); + SSL_SESSION_free(s1); +@@ -85,12 +88,15 @@ END_TEST + START_TEST(cache_ssess_02) + { + SSL_SESSION *s1, *s2; ++ char* session_id; ++ unsigned int len; + + s1 = ssl_session_from_file(TMP_SESS_FILE); + fail_unless(!!s1, "creating session failed"); + fail_unless(ssl_session_is_valid(s1), "session invalid"); + +- s2 = cachemgr_ssess_get(s1->session_id, s1->session_id_length); ++ session_id = SSL_SESSION_get_id(s1, &len); ++ s2 = cachemgr_ssess_get(session_id, len); + fail_unless(s2 == NULL, "session was already in empty cache"); + SSL_SESSION_free(s1); + } +@@ -99,6 +105,8 @@ END_TEST + START_TEST(cache_ssess_03) + { + SSL_SESSION *s1, *s2; ++ char* session_id; ++ unsigned int len; + + s1 = ssl_session_from_file(TMP_SESS_FILE); + fail_unless(!!s1, "creating session failed"); +@@ -106,15 +114,19 @@ START_TEST(cache_ssess_03) + + cachemgr_ssess_set(s1); + cachemgr_ssess_del(s1); +- s2 = cachemgr_ssess_get(s1->session_id, s1->session_id_length); ++ session_id = SSL_SESSION_get_id(s1, &len); ++ s2 = cachemgr_ssess_get(session_id, len); + fail_unless(s2 == NULL, "cache returned deleted session"); + SSL_SESSION_free(s1); + } + END_TEST + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + START_TEST(cache_ssess_04) + { + SSL_SESSION *s1, *s2; ++ char* session_id; ++ unsigned int len; + + s1 = ssl_session_from_file(TMP_SESS_FILE); + fail_unless(!!s1, "creating session failed"); +@@ -123,7 +135,8 @@ START_TEST(cache_ssess_04) + fail_unless(s1->references == 1, "refcount != 1"); + cachemgr_ssess_set(s1); + fail_unless(s1->references == 1, "refcount != 1"); +- s2 = cachemgr_ssess_get(s1->session_id, s1->session_id_length); ++ session_id = SSL_SESSION_get_id(s1, &len); ++ s2 = cachemgr_ssess_get(session_id, len); + fail_unless(s1->references == 1, "refcount != 1"); + fail_unless(!!s2, "cache returned no session"); + fail_unless(s2->references == 1, "refcount != 1"); +@@ -137,6 +150,7 @@ START_TEST(cache_ssess_04) + SSL_SESSION_free(s2); + } + END_TEST ++#endif + + Suite * + cachessess_suite(void) +@@ -151,7 +165,9 @@ cachessess_suite(void) + tcase_add_test(tc, cache_ssess_01); + tcase_add_test(tc, cache_ssess_02); + tcase_add_test(tc, cache_ssess_03); ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + tcase_add_test(tc, cache_ssess_04); ++#endif + suite_add_tcase(s, tc); + + return s; +diff --git a/extra/pki/GNUmakefile b/extra/pki/GNUmakefile +index bd7b8d6..d0300fe 100644 +--- a/extra/pki/GNUmakefile ++++ b/extra/pki/GNUmakefile +@@ -63,7 +63,7 @@ ec.key: + $(OPENSSL) req -new -nodes -x509 $(DIGEST) -out $@ -key $< \ + -config $(CONFIG) -extensions $(CA_EXT) \ + -subj $(CA_SUBJECT) \ +- -set_serial 0 -days $(CA_DAYS) ++ -set_serial 1 -days $(CA_DAYS) + + server.key: + $(OPENSSL) genrsa -out $@ 2048 +@@ -112,7 +112,7 @@ targets/wildcard.roe.ch.pem: rsa.crt + + # localhost network connectivity is required + session.pem: +- openssl s_server -accept 46143 -cert server.pem -quiet -no_ssl2 & \ ++ openssl s_server -accept 46143 -cert server.pem -quiet & \ + pid=$$! ; \ + sleep 1 ; \ + echo q | $(OPENSSL) s_client -connect localhost:46143 \ +diff --git a/ssl.c b/ssl.c +index ca19263..417d57d 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -88,6 +88,39 @@ ssl_ssl_cert_get(SSL *s) + } + #endif /* OpenSSL 0.9.8y, 1.0.0k or 1.0.1e */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#define SSL_is_server(ssl) (ssl->type != SSL_ST_CONNECT) ++#define X509_get_signature_nid(x509) (OBJ_obj2nid(x509->sig_alg->algorithm)) ++static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) ++{ ++ /* If the fields p and g in d are NULL, the corresponding input ++ * parameters MUST be non-NULL. q may remain NULL. ++ */ ++ if ((dh->p == NULL && p == NULL) ++ || (dh->g == NULL && g == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ BN_free(dh->p); ++ dh->p = p; ++ } ++ if (q != NULL) { ++ BN_free(dh->q); ++ dh->q = q; ++ } ++ if (g != NULL) { ++ BN_free(dh->g); ++ dh->g = g; ++ } ++ ++ if (q != NULL) { ++ dh->length = BN_num_bits(q); ++ } ++ ++ return 1; ++} ++#endif ++ + + /* + * Print OpenSSL version and build-time configuration to standard error and +@@ -226,7 +259,7 @@ ssl_openssl_version(void) + */ + static int ssl_initialized = 0; + +-#ifdef OPENSSL_THREADS ++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L + struct CRYPTO_dynlock_value { + pthread_mutex_t mutex; + }; +@@ -331,7 +364,7 @@ ssl_init(void) + OpenSSL_add_all_algorithms(); + + /* thread-safety */ +-#ifdef OPENSSL_THREADS ++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L + ssl_mutex_num = CRYPTO_num_locks(); + ssl_mutex = malloc(ssl_mutex_num * sizeof(*ssl_mutex)); + for (int i = 0; i < ssl_mutex_num; i++) { +@@ -397,7 +430,7 @@ ssl_reinit(void) + if (!ssl_initialized) + return; + +-#ifdef OPENSSL_THREADS ++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L + for (int i = 0; i < ssl_mutex_num; i++) { + pthread_mutex_init(&ssl_mutex[i], NULL); + } +@@ -416,7 +449,7 @@ ssl_fini(void) + + ERR_remove_state(0); /* current thread */ + +-#ifdef OPENSSL_THREADS ++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L + CRYPTO_set_locking_callback(NULL); + CRYPTO_set_dynlock_create_callback(NULL); + CRYPTO_set_dynlock_lock_callback(NULL); +@@ -476,16 +509,14 @@ ssl_ssl_state_to_str(SSL *ssl) + char *str = NULL; + int rv; + +- rv = asprintf(&str, "%08x = %s%s%s%04x = %s (%s) [%s]", +- ssl->state, +- (ssl->state & SSL_ST_CONNECT) ? "SSL_ST_CONNECT|" : "", +- (ssl->state & SSL_ST_ACCEPT) ? "SSL_ST_ACCEPT|" : "", +- (ssl->state & SSL_ST_BEFORE) ? "SSL_ST_BEFORE|" : "", +- ssl->state & SSL_ST_MASK, ++ rv = asprintf(&str, "%08x = %s%s%04x = %s (%s) [%s]", ++ SSL_get_state(ssl), ++ (SSL_get_state(ssl) & SSL_ST_CONNECT) ? "SSL_ST_CONNECT|" : "", ++ (SSL_get_state(ssl) & SSL_ST_ACCEPT) ? "SSL_ST_ACCEPT|" : "", ++ SSL_get_state(ssl) & SSL_ST_MASK, + SSL_state_string(ssl), + SSL_state_string_long(ssl), +- (ssl->type == SSL_ST_CONNECT) ? "connect socket" +- : "accept socket"); ++ SSL_is_server(ssl) ? "accept socket" : "connect socket"); + + return (rv < 0) ? NULL : str; + } +@@ -587,6 +618,7 @@ DH * + ssl_tmp_dh_callback(UNUSED SSL *s, int is_export, int keylength) + { + DH *dh; ++ int success = 0; + + if (!(dh = DH_new())) { + log_err_printf("DH_new() failed\n"); +@@ -594,16 +626,20 @@ ssl_tmp_dh_callback(UNUSED SSL *s, int is_export, int keylength) + } + switch (keylength) { + case 512: +- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ++ success = DH_set0_pqg(dh, BN_bin2bn(dh512_p, sizeof(dh512_p), NULL), NULL, ++ BN_bin2bn(dh_g, sizeof(dh_g), NULL)); + break; + case 1024: +- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); ++ success = DH_set0_pqg(dh, BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL), NULL, ++ BN_bin2bn(dh_g, sizeof(dh_g), NULL)); + break; + case 2048: +- dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); ++ success = DH_set0_pqg(dh, BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL), NULL, ++ BN_bin2bn(dh_g, sizeof(dh_g), NULL)); + break; + case 4096: +- dh->p = BN_bin2bn(dh4096_p, sizeof(dh4096_p), NULL); ++ success = DH_set0_pqg(dh, BN_bin2bn(dh4096_p, sizeof(dh4096_p), NULL), NULL, ++ BN_bin2bn(dh_g, sizeof(dh_g), NULL)); + break; + default: + log_err_printf("Unhandled DH keylength %i%s\n", +@@ -612,8 +648,7 @@ ssl_tmp_dh_callback(UNUSED SSL *s, int is_export, int keylength) + DH_free(dh); + return NULL; + } +- dh->g = BN_bin2bn(dh_g, sizeof(dh_g), NULL); +- if (!dh->p || !dh->g) { ++ if (!success) { + log_err_printf("Failed to load DH p and g from memory\n"); + DH_free(dh); + return NULL; +@@ -841,7 +876,7 @@ ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, + if (!gn) + goto errout2; + gn->type = GEN_DNS; +- gn->d.dNSName = M_ASN1_IA5STRING_new(); ++ gn->d.dNSName = ASN1_IA5STRING_new(); + if (!gn->d.dNSName) + goto errout3; + ASN1_STRING_set(gn->d.dNSName, +@@ -865,10 +900,10 @@ ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, + #endif /* DEBUG_CERTIFICATE */ + + const EVP_MD *md; +- switch (EVP_PKEY_type(cakey->type)) { ++ switch (EVP_PKEY_type(EVP_PKEY_base_id(cakey))) { + #ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: +- switch (OBJ_obj2nid(origcrt->sig_alg->algorithm)) { ++ switch (X509_get_signature_nid(origcrt)) { + case NID_md5WithRSAEncryption: + md = EVP_md5(); + break; +@@ -897,12 +932,20 @@ ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, + #endif /* !OPENSSL_NO_RSA */ + #ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + md = EVP_dss1(); ++#else ++ md = EVP_sha1(); ++#endif + break; + #endif /* !OPENSSL_NO_DSA */ + #ifndef OPENSSL_NO_ECDSA + case EVP_PKEY_EC: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + md = EVP_ecdsa(); ++#else ++ md = EVP_sha1(); ++#endif + break; + #endif /* !OPENSSL_NO_ECDSA */ + default: +@@ -1015,7 +1058,6 @@ ssl_x509chain_use(SSL_CTX *sslctx, X509 *crt, STACK_OF(X509) *chain) + + tmpcrt = sk_X509_value(chain, i); + ssl_x509_refcount_inc(tmpcrt); +- sk_X509_push(sslctx->extra_certs, tmpcrt); + SSL_CTX_add_extra_chain_cert(sslctx, tmpcrt); + } + } +@@ -1117,14 +1159,15 @@ int + ssl_key_identifier_sha1(EVP_PKEY *key, unsigned char *keyid) + { + X509_PUBKEY *pubkey = NULL; +- ASN1_BIT_STRING *pk; ++ const unsigned char *pk; ++ int length; + + /* X509_PUBKEY_set() will attempt to free pubkey if != NULL */ + if (X509_PUBKEY_set(&pubkey, key) != 1 || !pubkey) + return -1; +- if (!(pk = pubkey->public_key)) ++ if (!X509_PUBKEY_get0_param(NULL, &pk, &length, NULL, pubkey)) + goto errout; +- if (!EVP_Digest(pk->data, pk->length, keyid, NULL, EVP_sha1(), NULL)) ++ if (!EVP_Digest(pk, length, keyid, NULL, EVP_sha1(), NULL)) + goto errout; + X509_PUBKEY_free(pubkey); + return 0; +@@ -1221,10 +1264,10 @@ ssl_x509_fingerprint(X509 *crt, int colons) + void + ssl_dh_refcount_inc(DH *dh) + { +-#ifdef OPENSSL_THREADS ++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L + CRYPTO_add(&dh->references, 1, CRYPTO_LOCK_DH); + #else /* !OPENSSL_THREADS */ +- dh->references++; ++ DH_up_ref(dh); + #endif /* !OPENSSL_THREADS */ + } + #endif /* !OPENSSL_NO_DH */ +@@ -1236,10 +1279,10 @@ ssl_dh_refcount_inc(DH *dh) + void + ssl_key_refcount_inc(EVP_PKEY *key) + { +-#ifdef OPENSSL_THREADS ++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L + CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY); + #else /* !OPENSSL_THREADS */ +- key->references++; ++ EVP_PKEY_up_ref(key); + #endif /* !OPENSSL_THREADS */ + } + +@@ -1251,10 +1294,10 @@ ssl_key_refcount_inc(EVP_PKEY *key) + void + ssl_x509_refcount_inc(X509 *crt) + { +-#ifdef OPENSSL_THREADS ++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L + CRYPTO_add(&crt->references, 1, CRYPTO_LOCK_X509); + #else /* !OPENSSL_THREADS */ +- crt->references++; ++ X509_up_ref(crt); + #endif /* !OPENSSL_THREADS */ + } + +diff --git a/ssl.t.c b/ssl.t.c +index 997794f..9705976 100644 +--- a/ssl.t.c ++++ b/ssl.t.c +@@ -498,6 +498,10 @@ START_TEST(ssl_tls_clienthello_parse_10) + } + END_TEST + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#define ASN1_STRING_get0_data(value) ASN1_STRING_data(value) ++#endif ++ + START_TEST(ssl_key_identifier_sha1_01) + { + X509 *c; +@@ -515,9 +519,10 @@ START_TEST(ssl_key_identifier_sha1_01) + int loc = X509_get_ext_by_NID(c, NID_subject_key_identifier, -1); + X509_EXTENSION *ext = X509_get_ext(c, loc); + fail_unless(!!ext, "loading ext failed"); +- fail_unless(ext->value->length - 2 == SSL_KEY_IDSZ, +- "extension length mismatch"); +- fail_unless(!memcmp(ext->value->data + 2, keyid, SSL_KEY_IDSZ), ++ ASN1_STRING *value = X509_EXTENSION_get_data(ext); ++ fail_unless(ASN1_STRING_length(value) - 2 == SSL_KEY_IDSZ, ++ "extension length mismatch"); ++ fail_unless(!memcmp(ASN1_STRING_get0_data(value) + 2, keyid, SSL_KEY_IDSZ), + "key id mismatch"); + } + END_TEST Copied: sslsplit/repos/community-staging-i686/PKGBUILD (from rev 218235, sslsplit/trunk/PKGBUILD) =================================================================== --- community-staging-i686/PKGBUILD (rev 0) +++ community-staging-i686/PKGBUILD 2017-03-21 23:01:35 UTC (rev 218236) @@ -0,0 +1,42 @@ +# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> + +pkgname=sslsplit +pkgver=0.5.0 +pkgrel=2 +pkgdesc="Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections" +url="https://www.roe.ch/SSLsplit" +arch=('i686' 'x86_64') +license=('BSD') +depends=('libevent' 'openssl') +checkdepends=('check') +source=(https://mirror.roe.ch/rel/${pkgname}/${pkgname}-${pkgver}.tar.bz2{,.asc} + 0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch) +sha512sums=('d8d4f294018a7a28b6e5cdec4690c5078118e1fc9c8b78d626290cdb5f2c8d2ecdbbee776a50666a99c522e9e22a15e85b5a602c412e242ec4cce64327555862' + 'SKIP' + 'b3fbde26b992c40adb15d218ce067ecc53707ed9746b3a7e166d0333543283368a0c439903d36dedfb6fd9d33599abbf0554b731a68bd2524824319e1970de56') +validpgpkeys=('BFF9C7D7EA0EAC7F1AA55B3EFABE3324B5D3397E') # Daniel Roethlisberger <dan...@roe.ch> + +prepare() { + cd ${pkgname}-${pkgver} + patch -Np1 -i ../0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch +} + +build() { + cd ${pkgname}-${pkgver} + make +} + +check() { + cd ${pkgname}-${pkgver} + make -j1 test +} + +package() { + cd ${pkgname}-${pkgver} + make PREFIX="${pkgdir}/usr" install + install -Dm 644 LICENSE.md "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + install -Dm 644 README.md "${pkgdir}/usr/share/doc/${pkgname}/README.md" + install -Dm 644 NEWS.md "${pkgdir}/usr/share/doc/${pkgname}/NEWS.md" +} + +# vim: ts=2 sw=2 et: