[jackhill/guix/guix.git] / gnu / packages / tls.scm
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016, 2017, 2018 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
a7fd7b68 31(define-module (gnu packages tls)
e9aa8d0c 32 #:use-module ((guix licenses) #:prefix license:)
33 #:use-module (guix packages)
34 #:use-module (guix download)
29a7c98a 35 #:use-module (guix utils)
7543f865 36 #:use-module (guix build-system gnu)
cc2b77df 37 #:use-module (guix build-system perl)
7890e3ba 38 #:use-module (guix build-system python)
88522738 39 #:use-module (guix build-system cmake)
587d1752 40 #:use-module (guix build-system haskell)
f61e0e79 41 #:use-module (gnu packages compression)
013ce67b 42 #:use-module (gnu packages)
ac257f12 43 #:use-module (gnu packages check)
5b9aa107 44 #:use-module (gnu packages dns)
1ffa7090 45 #:use-module (gnu packages guile)
46 #:use-module (gnu packages haskell)
47 #:use-module (gnu packages haskell-check)
48 #:use-module (gnu packages haskell-crypto)
0581c273 49 #:use-module (gnu packages libbsd)
27e86bed 50 #:use-module (gnu packages libffi)
866f469e 51 #:use-module (gnu packages libidn)
5d4c90ae 52 #:use-module (gnu packages linux)
7890e3ba 53 #:use-module (gnu packages ncurses)
27e86bed 54 #:use-module (gnu packages nettle)
1ffa7090 55 #:use-module (gnu packages perl)
27e86bed 56 #:use-module (gnu packages pkg-config)
7890e3ba 57 #:use-module (gnu packages python)
cc6f4912 58 #:use-module (gnu packages python-crypto)
1b2f753d 59 #:use-module (gnu packages python-web)
a31f4d35 60 #:use-module (gnu packages texinfo)
33dc54b0 61 #:use-module (gnu packages time)
62 #:use-module (gnu packages base)
63 #:use-module (srfi srfi-1))
(define-public libtasn1
  ;; ASN.1 encoder/decoder.  It sits underneath both p11-kit and GnuTLS in
  ;; this file (see their inputs), so it is part of the parsing surface those
  ;; libraries expose to untrusted certificates and PKCS#11 data; keep the
  ;; version and hash current.
  (package
    (name "libtasn1")
    (version "4.13")
    (source
     (origin
       (method url-fetch)
       ;; 'mirror://gnu' expands to the GNU mirror list; the sha256 below is
       ;; what authenticates the download, not the transport.
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       (sha256
        (base32
         "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky"))))
    (build-system gnu-build-system)
    ;; Perl is only needed while building; it does not end up in the closure.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
(define-public asn1c
  ;; Compiler from ASN.1 modules to C codecs (BER/XER/PER).  Code it generates
  ;; typically ends up decoding externally supplied data (the description
  ;; names X.509 as one use), so treat it as security-sensitive tooling and
  ;; track upstream releases.
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              ;; Direct HTTPS download rather than a mirror scheme; integrity
              ;; still rests on the pinned hash below.
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.10")
    (source
     (origin
       (method url-fetch)
       ;; GitHub release asset; authenticated by the sha256 below.
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.gz"))
       (sha256
        (base32
         "0hxfwnyb5yllvlsh0cj6favcph36gm94b6df7zhl7xay48zjl8gr"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; Build without compiled-in system trust paths.  Presumably because
     ;; there is no /etc/ssl to point at in the isolated build environment;
     ;; the consequence is that the 'trust' module has no default anchor
     ;; store and each consumer has to configure one -- TODO confirm.
     ;; (GnuTLS below is built '--without-p11-kit', so nothing in this file
     ;; currently relies on p11-kit for trust decisions.)
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
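(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.18")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              ;; Judging by their names these only skip tests that cannot run
              ;; inside the build chroot (no system trust store, no pkg-config
              ;; lookup) and are not expected to alter library behaviour.
              (patches
               (search-patches "gnutls-skip-trust-store-test.patch"
                               "gnutls-skip-pkgconfig-test.patch"))
              (sha256
               (base32
                "0d02x28fwkkx7xzn7807nww6idchizzq3plx8sfcyiw7wzclh8mf"))))
    (build-system gnu-build-system)
    (arguments
     `(;; Ensure we don't keep a reference to this buggy software.
       ;; net-tools is needed only at build time (see native-inputs); this
       ;; check makes the build fail if any output still points at it.
       #:disallowed-references (,net-tools)
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store. Instead it has a
        ;; configure-time option. Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment. If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently. This seems suboptimal.
        ;;
        ;; Security note: this bakes an absolute, non-store path into
        ;; libgnutls.  Whatever is installed at /etc/ssl/certs on the
        ;; running system -- not something from the store -- decides which
        ;; CAs GnuTLS clients trust by default.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.2)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The standard is X.509; the description previously read "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    ;; Consulted by 'guix refresh' when looking for new upstream releases.
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))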
(define-public gnutls/guile-2.2
  ;; Compatibility alias: 'gnutls' itself is already built against Guile 2.2
  ;; (see its inputs), so this name only exists for users of the old
  ;; "guile2.2-gnutls" package name.
  (deprecated-package "guile2.2-gnutls" gnutls))
(define-public gnutls/guile-2.0
  ;; GnuTLS for Guile 2.0.
  ;; Same source, patches, hash and configure flags as 'gnutls'; only the
  ;; "guile" input is swapped, so the TLS library itself and all of its
  ;; security-relevant settings (trust store path, p11-kit off) are
  ;; inherited unchanged.
  (package
    (inherit gnutls)
    (name "guile2.0-gnutls")
    (inputs `(("guile" ,guile-2.0)
              ,@(alist-delete "guile" (package-inputs gnutls))))))
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane, implementing DNS-based
  ;; Authentication of Named Entities. This is required for GNS functionality
  ;; by GNUnet and gnURL. This is done in an extra package definition
  ;; to have the choice between GnuTLS with DANE and without DANE.
  ;;
  ;; Adding 'unbound' to the inputs is the only change; no --enable-dane flag
  ;; is passed, so this relies on the configure script detecting libunbound
  ;; on its own -- TODO confirm on the next GnuTLS update.  DANE answers are
  ;; only as trustworthy as the DNSSEC validation performed by the resolver,
  ;; so deployments need a validating resolver configuration.
  (package
    (inherit gnutls)
    (name "gnutls-dane")
    (inputs `(("unbound" ,unbound)
              ,@(package-inputs gnutls)))))
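(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2n")
    (source (origin
              (method url-fetch)
              ;; The locations are tried in order.  The ftp:// fallbacks are
              ;; unauthenticated transports; that is acceptable only because
              ;; the sha256 below verifies whatever gets fetched.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
                "1zm82pyq5a9jm10q6iv7d3dih3xwjds4x30fqph3k317byvsn2rp"))
              (snippet
               '(begin
                  ;; Remove ELF files. 'substitute*' can't read them.
                  ;; (The 'patch-tests' phase below runs 'substitute*' over
                  ;; every file under test/.)
                  (delete-file "test/ssltest_old")
                  (delete-file "test/v3ext")
                  (delete-file "test/x509aux")
                  #t))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.  This keyword used to appear
       ;; twice in this list (once as (,perl), once via 'canonical-package');
       ;; 'lambda*' honours only one of two identical keywords, so the other
       ;; was dead.  Both candidates are now listed once, together.
       #:disallowed-references ,(list perl (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place. Fix that.
            (let ((out (assoc-ref outputs "out")))
              (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((out (assoc-ref outputs "out")))
              ;; 'invoke' raises on a non-zero exit status, so a failed
              ;; configure aborts the build instead of being silently ignored.
              (invoke "./config"
                      "shared"          ;build shared libraries
                      "--libdir=lib"

                      ;; The default for this catch-all directory is
                      ;; PREFIX/ssl. Change that to something more
                      ;; conventional.
                      (string-append "--openssldir=" out
                                     "/share/openssl-" ,version)

                      (string-append "--prefix=" out)

                      ;; XXX FIXME: Work around a code generation bug in GCC
                      ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                      ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                      ,@(if (and (not (%current-target-system))
                                 (string-prefix? "armhf" (%current-system)))
                            '("-mfpu=vfpv3")
                            '())))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.
            (let ((out (assoc-ref outputs "out")))
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out    (assoc-ref outputs "out"))
                    (lib    (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib   (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out    (assoc-ref outputs "out"))
                    (man3   (string-append out "/share/man/man3"))
                    (doc    (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               (delete-file-recursively man3)
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; The test scripts hard-code /bin/sh and /bin/rm, neither of
            ;; which exists in the build chroot.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/sh"))
                (("/bin/rm")
                 "rm"))
              #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts. Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    (native-search-paths
     ;; These tell OpenSSL-based programs where the trust store lives.  Each
     ;; variable names exactly one directory or file, hence (separator #f);
     ;; 'file-type 'regular' makes sure SSL_CERT_FILE is only set when an
     ;; actual bundle file exists in the profile.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))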
(define-public openssl-next
  ;; OpenSSL 1.1.0 series.  Everything is inherited from 'openssl' above except
  ;; the source, the configure phase and the 1.0.2-only phases; the package
  ;; deliberately keeps the name "openssl".
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0g")
    (source (origin
              (method url-fetch)
              ;; Same mirror list as 'openssl'; the ftp:// fallbacks are
              ;; unauthenticated, so integrity rests on the sha256 below.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              ;; 'openssl-runpath.patch' from the 1.0.2 package is not carried
              ;; over; the RUNPATH is set through -Wl,-rpath below instead.
              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
              (sha256
               (base32
                "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (lib (string-append out "/lib")))
                 (invoke "./config"
                         "shared"       ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl. Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ;; Embed this output's lib/ as RUNPATH so libssl and
                         ;; libcrypto resolve to this exact store item at run
                         ;; time rather than to whatever the loader finds
                         ;; first on its default path.
                         (string-append "-Wl,-rpath," lib)

                         ;; XXX FIXME: Work around a code generation bug in GCC
                         ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                         ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                         ,@(if (and (not (%current-target-system))
                                    (string-prefix? "armhf" (%current-system)))
                               '("-mfpu=vfpv3")
                               '())))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           ;; (The inherited phase has the 1.0.2 version string spliced into
           ;; its path, so it would not find this package's 'misc' directory.)
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts. Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
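(define-public libressl
  (package
    (name "libressl")
    (version "2.6.4")
    (source (origin
              (method url-fetch)
              ;; OpenBSD mirror list; the sha256 below authenticates the
              ;; tarball.
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
                "07yi37a2ghsgj2b4w30q1s4d2inqnix7ika1m21y57p9z71212k3"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;;
     ;; Security note: this forces LibreSSL onto its portable fallback entropy
     ;; code instead of the getentropy(2) wrapper.  What that fallback does is
     ;; not visible from here -- TODO confirm it still draws from the kernel
     ;; RNG before relying on this build in low-entropy environments.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    (native-search-paths
     ;; SSL_CERT_DIR and SSL_CERT_FILE each designate a single directory or
     ;; file, not a colon-separated search path.  Declare them that way, as
     ;; the 'openssl' package above does, so a profile can never hand
     ;; LibreSSL a multi-entry value, and only set SSL_CERT_FILE when a real
     ;; bundle file is present.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))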
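(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.22.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              (sha256
               (base32
                "1s2zamyb99zdyga3c75xxgnj0z2hixw8wv24v1l4p49fncnxab2a"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'build 'build-documentation
           (lambda _
             ;; 'invoke' raises on a non-zero exit status, the same failure
             ;; reporting the OpenSSL 'configure' phases in this file use;
             ;; the former (zero? (system* ...)) only returned #f and relied
             ;; on the caller noticing.
             (invoke "make" "-C" "docs" "man" "info")))
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out  (assoc-ref outputs "out"))
                    (man  (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               ;; NOTE(review): the Info manual lands in OUT/info rather than
               ;; the conventional OUT/share/info -- confirm the profile's
               ;; info-dir hook finds it there.
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    ;; Run-time dependencies; note that the cryptographic work is delegated
    ;; to python-cryptography and python-pyopenssl, so their versions matter
    ;; for the security of certificate issuance.
    (propagated-inputs
     `(("python-josepy" ,python-josepy)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))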
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              ;; This hash belongs to the certbot release matching the
              ;; python-acme version above; bump both together.
              (sha256
               (base32
                "1cyb3lhxrw7ghyhrl2wc95vqhdaxz6n4pai66c573gcly7c7sc7f"))))
    (build-system python-build-system)
    (arguments
     ;; Reuse python-acme's phases (including its documentation build) and
     ;; only swap the install step for Certbot's own manual and man pages.
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out  (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     ;; NOTE(review): installs the Info manual to OUT/info,
                     ;; not OUT/share/info -- confirm the profile's info-dir
                     ;; hook picks it up from there.
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-nose" ,python-nose)
       ("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    ;; Run-time dependencies.  The ACME protocol handling itself lives in
    ;; python-acme; python-pyopenssl is pulled in for the key and CSR work.
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-six" ,python-six)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
(define-public letsencrypt
  ;; Former name of the client.  The 'superseded' property marks it as
  ;; replaced by 'certbot' so Guix's tooling can move users to the new name;
  ;; everything else is inherited unchanged.
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
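(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.82")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              (sha256
               (base32
                "1rf78z1macgmp6mwd7c2xq4yfw6wpf28hfwfz1d5wslqr4cwb5aq"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Tell Makefile.PL which OpenSSL to build against, so the XS
            ;; code links the pinned store 'openssl' rather than whatever
            ;; its own probing might turn up.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    ;; Version-independent distribution page, consistent with the other CPAN
    ;; packages in this file; the previous link named the 1.66 release.
    (home-page "http://search.cpan.org/dist/Net-SSLeay")))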
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    ;; The two Crypt::OpenSSL helpers are defined further down in this file.
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Shared with the other Crypt::OpenSSL::* packages; it pins libcrypto to
    ;; the 'openssl' input.  'perl-crypt-arguments' is defined after this
    ;; package, which works because the field is evaluated lazily -- keep that
    ;; in mind when reordering definitions.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; Makefile.PL's LIBS entry is rewritten so the XS code links libcrypto from
;; the pinned 'openssl' input explicitly, instead of relying on the linker's
;; default search path.
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
               (add-before 'configure 'patch-Makefile.PL
                 (lambda* (#:key inputs #:allow-other-keys)
                   ;; Replace the whole "'LIBS' => ..." line, whatever
                   ;; upstream put there.
                   (substitute* "Makefile.PL"
                     (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                                      (assoc-ref inputs "openssl")
                                                      "/lib -lcrypto'],")))
                   #t)))))
(define-public perl-crypt-openssl-bignum
  ;; Perl bindings to OpenSSL's BIGNUM arithmetic; a dependency of
  ;; perl-crypt-openssl-rsa above.
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       (sha256
        (base32
         "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Links libcrypto from the 'openssl' input; see 'perl-crypt-arguments'.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
(define-public perl-crypt-openssl-random
  ;; Perl access to OpenSSL's RNG; a dependency of perl-crypt-openssl-rsa
  ;; above, which uses it for key generation.  The quality of the numbers is
  ;; therefore that of the linked libcrypto, pinned via 'perl-crypt-arguments'.
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license license:perl-license)))
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              ;; Direct HTTPS download of the portable snapshot; the sha256
              ;; below authenticates it.
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; http.c hard-codes /etc/ssl/cert.pem, presumably the CA bundle
             ;; used to verify the ACME server's TLS.  Point it at the bundle
             ;; inside the libressl input: the trust anchors then come from
             ;; that store item rather than from whoever controls /etc/ssl on
             ;; the host -- the flip side being that updating them requires
             ;; rebuilding.  Assumes the libressl output ships
             ;; etc/ssl/cert.pem; TODO confirm when bumping libressl.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure))))         ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is the one preferred by upstream. A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.7.0")
    (source
     (origin
       (method url-fetch)
       ;; XXX: The download links on the website are script redirection links
       ;; which effectively lead to the format listed in the uri here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                           version "-apache.tgz"))
       (sha256
        (base32
         "1vsmgxnw7dpvma51896n63yaf9sncmf885ax2jfcg89ssin6vdmf"))
       ;; An RFC 5114 constant was accidentally renamed in version 2.7.0.
       ;; See https://github.com/ARMmbed/mbedtls/pull/1362.
       ;; The snippet only renames the macro back; it does not touch the
       ;; parameter value it expands to.
       (modules '((guix build utils)))
       (snippet
        '(begin
           (substitute* "include/mbedtls/dhm.h"
             (("#define MBEDTLS_DHM_RFC5114_MODP_P")
              "#define MBEDTLS_DHM_RFC5114_MODP_2048_P"))
           #t))))
    (build-system cmake-build-system)
    (arguments
     ;; Also build shared libraries so dependents can link dynamically
     ;; against this output.
     `(#:configure-flags
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON")))
    (native-inputs
     `(("perl" ,perl)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))
(define-public ghc-tls
  ;; Pure-Haskell TLS stack.  The description below is upstream's and lists
  ;; SSL 3.0 among the supported protocols; SSL 3.0 is obsolete and whether
  ;; it is enabled by default is not something this definition controls --
  ;; users should check the library's default parameters.
  (package
    (name "ghc-tls")
    (version "1.3.8")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://hackage.haskell.org/package/"
                                  "tls/tls-" version ".tar.gz"))
              (sha256
               (base32
                "1rdidf18i781c0vdvy9yn79yh08hmcacf6fp3sgghyiy3h0wyh5l"))))
    (build-system haskell-build-system)
    ;; ghc-cryptonite supplies the primitives; the ghc-x509* packages handle
    ;; certificate parsing, storage and validation.
    (inputs
     `(("ghc-mtl" ,ghc-mtl)
       ("ghc-cereal" ,ghc-cereal)
       ("ghc-data-default-class" ,ghc-data-default-class)
       ("ghc-memory" ,ghc-memory)
       ("ghc-cryptonite" ,ghc-cryptonite)
       ("ghc-asn1-types" ,ghc-asn1-types)
       ("ghc-asn1-encoding" ,ghc-asn1-encoding)
       ("ghc-x509" ,ghc-x509)
       ("ghc-x509-store" ,ghc-x509-store)
       ("ghc-x509-validation" ,ghc-x509-validation)
       ("ghc-async" ,ghc-async)
       ("ghc-network" ,ghc-network)
       ("ghc-hourglass" ,ghc-hourglass)))
    ;; Test-only dependencies.
    (native-inputs
     `(("ghc-tasty" ,ghc-tasty)
       ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck)
       ("ghc-quickcheck" ,ghc-quickcheck)))
    (home-page "https://github.com/vincenthz/hs-tls")
    (synopsis
     "TLS/SSL protocol native implementation (Server and Client)")
    (description
     "Native Haskell TLS and SSL protocol implementation for server and client.
This provides a high-level implementation of a sensitive security protocol,
eliminating a common set of security issues through the use of the advanced
type system, high level constructions and common Haskell features. Currently
implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol, and support RSA and
Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, and many
extensions.")
    (license license:bsd-3)))