Hello,
Yes looks like my second option as other projects don’t like to use embedded
libs but Hiawatha does a good job at keeping it updated.
Chris
> On Oct 26, 2022, at 6:00 AM, Stuart Henderson wrote:
>
> On 2022/10/25 16:20, Chris wrote:
>> Hello,
>>
>> Can www/hiawatha be changed to include the embedded mbedtls 3.x which is in
>> par with the current version ?
>>
>> Chris
>>
>
> That should be possible, try this (diff is against -current).
> It builds, I have not tested runtime.
>
> Note that there is a license conflict between Hiawatha's "GPLv2 only"
> and mbedTLS' Apache v2, so binaries can't be distributed. (If Hiawatha
> could change to "GPLv2 or newer" then it would be OK).
>
> There is some more information about this in the discussion on
> https://github.com/OpenVPN/openvpn/commit/110eee0288cff0720952a2cf16c4fb191d0bd616
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/www/hiawatha/Makefile,v
> retrieving revision 1.66
> diff -u -p -r1.66 Makefile
> --- Makefile25 Oct 2022 20:36:04 -1.66
> +++ Makefile26 Oct 2022 11:00:08 -
> @@ -1,6 +1,5 @@
> COMMENT =secure webserver
> -DISTNAME =hiawatha-10.11
> -REVISION =0
> +DISTNAME =hiawatha-11.2
> CATEGORIES =www net
>
> HOMEPAGE =https://www.hiawatha-webserver.org/
> @@ -10,12 +9,11 @@ PERMIT_PACKAGE =mbedtls Apache 2 licens
>
> MASTER_SITES =${HOMEPAGE}files/
>
> -MODULES =devel/cmake
> +WANTLIB += c pthread xml2 xslt z
>
> -WANTLIB += c mbedcrypto mbedtls mbedx509 pthread xml2 xslt z
> +MODULES =devel/cmake
>
> -LIB_DEPENDS =security/polarssl>=2.8.0 \
> -textproc/libxslt
> +LIB_DEPENDS =textproc/libxslt
>
> CONFIGURE_ARGS =-DWEBROOT_DIR="/var/hiawatha" \
>-DWORK_DIR="/var/db/hiawatha" \
> @@ -24,7 +22,8 @@ CONFIGURE_ARGS =-DWEBROOT_DIR="/var/hia
>-DCMAKE_INSTALL_MANDIR="${PREFIX}/man" \
>-DENABLE_XSLT=ON \
>-DPID_DIR="/var/run" \
> --DUSE_SYSTEM_MBEDTLS=ON
> +-DUSE_SHARED_MBEDTLS_LIBRARY=OFF \
> +-DUSE_STATIC_MBEDTLS_LIBRARY=ON
>
> CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \
>LDFLAGS="-L${WRKBUILD}/mbedtls/library -L${LOCALBASE}/lib"
> @@ -39,6 +38,8 @@ pre-configure:
> post-install:
>mv ${WRKINST}${SYSCONFDIR}/hiawatha ${PREFIX}/share/examples/hiawatha
>mv ${WRKINST}/var/hiawatha/index.html ${PREFIX}/share/examples/hiawatha/
> -rm -r ${WRKINST}/var
> +rm -r ${WRKINST}/var \
> +${PREFIX}/lib/hiawatha \
> +${PREFIX}/include/{psa,mbedtls}
>
> .include
> Index: distinfo
> ===
> RCS file: /cvs/ports/www/hiawatha/distinfo,v
> retrieving revision 1.49
> diff -u -p -r1.49 distinfo
> --- distinfo31 Jul 2020 07:20:45 -1.49
> +++ distinfo26 Oct 2022 11:00:08 -
> @@ -1,2 +1,2 @@
> -SHA256 (hiawatha-10.11.tar.gz) = edhdFl1o3XBDu9M39bx90Q2GMtaLph0OVX+EvWh8lyc=
> -SIZE (hiawatha-10.11.tar.gz) = 1393303
> +SHA256 (hiawatha-11.2.tar.gz) = mcZPdpJ/k0afBiq3a3TreaOX6kvhLahr90ayu1fPG8U=
> +SIZE (hiawatha-11.2.tar.gz) = 1583611
> Index: patches/patch-CMakeLists_txt
> ===
> RCS file: /cvs/ports/www/hiawatha/patches/patch-CMakeLists_txt,v
> retrieving revision 1.2
> diff -u -p -r1.2 patch-CMakeLists_txt
> --- patches/patch-CMakeLists_txt11 Mar 2022 20:09:55 -1.2
> +++ patches/patch-CMakeLists_txt26 Oct 2022 11:00:08 -
> @@ -4,7 +4,7 @@ in base, and several alternatives in por
> Index: CMakeLists.txt
> --- CMakeLists.txt.orig
> +++ CMakeLists.txt
> -@@ -192,15 +192,15 @@ endforeach()
> +@@ -170,15 +170,15 @@ endforeach()
>
> install(FILES extra/index.html DESTINATION ${WEBROOT_DIR})
>
> Index: patches/patch-man_hiawatha_1_in
> ===
> RCS file: /cvs/ports/www/hiawatha/patches/patch-man_hiawatha_1_in,v
> retrieving revision 1.12
> diff -u -p -r1.12 patch-man_hiawatha_1_in
> --- patches/patch-man_hiawatha_1_in11 Mar 2022 20:09:55 -1.12
> +++ patches/patch-man_hiawatha_1_in26 Oct 2022 11:00:08 -
> @@ -25,7 +25,7 @@ Index: man/hiawatha.1.in
> .TP
> .B KickOnBan = yes|no
> Close all other connections that originate from the same IP in case of a ban.
> -@@ -308,7 +308,7 @@ Example: RequestLimitMask = deny 192.168.0.1
> +@@ -300,7 +300,7 @@ Example: RequestLimitMask = deny 192.168.0.1
> .B ServerId = |:[, , ...]
> The userid and groupid(s) the server will change to. If only a userid is
> specified, the groupid(s) will be looked up in /etc/passwd and /etc/group.
> The userid en groupid of user root are not allowed here. The userid or
> groupid can also be a name.
> .br
> @@ -34,7 +34,7 @@ Index: man/hiawatha.1.in
> .TP
> .B ServerString =
> The text behind 'Server:'