gnu: openssl: Allow shared objects to be stripped.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
ce0614dd 2;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
d585f244 3;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
7543f865 6;;;
233e7676 7;;; This file is part of GNU Guix.
7543f865 8;;;
233e7676 9;;; GNU Guix is free software; you can redistribute it and/or modify it
10;;; under the terms of the GNU General Public License as published by
11;;; the Free Software Foundation; either version 3 of the License, or (at
12;;; your option) any later version.
13;;;
233e7676 14;;; GNU Guix is distributed in the hope that it will be useful, but
15;;; WITHOUT ANY WARRANTY; without even the implied warranty of
16;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17;;; GNU General Public License for more details.
18;;;
19;;; You should have received a copy of the GNU General Public License
233e7676 20;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 21
(define-module (gnu packages tls)
  ;; License identifiers are imported under the license: prefix
  ;; (license:lgpl2.0+, license:openssl, ...) so they cannot collide with
  ;; the package variables defined in this module.
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix utils)               ; version-major+minor
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system perl)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages)             ; search-patch
  #:use-module (gnu packages guile)
  #:use-module (gnu packages libffi)
  #:use-module (gnu packages libidn)
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages base))
;;; GNU libtasn1: ASN.1 encoder/decoder.  It is an input of p11-kit and a
;;; propagated input of gnutls further down in this file.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.5")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       ;; The tarball's integrity is pinned by this hash regardless of
       ;; which mirror serves it.
       (sha256
        (base32
         "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9"))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)

                     ;; XXX: For some reason, libtasn1.info wants to be
                     ;; rebuilt, so we must provide 'makeinfo'.
                     ("texinfo" ,texinfo)))
    (home-page "http://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
;;; p11-kit: loader/coordinator for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.1")
    (source
     (origin
       (method url-fetch)
       ;; Fetched over plain HTTP; integrity rests on the sha256 below.
       (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-"
                           version ".tar.gz"))
       (sha256
        (base32
         "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
       (modules '((guix build utils))) ; for substitute*
       ;; The snippet runs when the source is unpacked and edits the
       ;; generated Makefile.in so that 'test-module' is never built or run.
       (snippet
        '(begin
           ;; Drop one test that fails, also when trying to compile manually.
           ;; Reported upstream at
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): built without any configure-time trust paths, so no
     ;; system certificate/anchor locations are compiled in; presumably
     ;; consumers are expected to configure trust themselves -- confirm
     ;; against p11-kit's documentation before relying on this package for
     ;; a system trust store.
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
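;;; GnuTLS: TLS/DTLS library.  The description below previously read
;;; "X.5009"; the standard is X.509.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.4.4.1")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             ;; Integrity of the download is pinned by this hash.
             (sha256
              (base32
               "1xf354xafavqhi207ll1m1isd4l5b31lic2sz9lw0j0r0fcxfnsj"))
             (patches (list (search-patch "gnutls-doc-fix.patch")))))
    (build-system gnu-build-system)
    (arguments
     ;; Plain quote (not quasiquote): everything here, including the
     ;; %outputs lookup, is evaluated on the build side.
     '(#:configure-flags
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store.  Instead it has a
             ;; configure-time option.  Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the filesystem, none of which are present in our
             ;; chroot build environment.  If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently.  This seems suboptimal.
             ;;
             ;; Note that this is an absolute path outside the store: the set
             ;; of trusted CAs is whatever the running system places there,
             ;; not something this package provides.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'unpack 'delete-prebuilt-unfixed-info-file
                   (lambda _
                     ;; XXX Delete the prebuilt info file, so that it will be
                     ;; rebuilt with the fixes in gnutls-doc-fix.patch.
                     (delete-file "doc/gnutls.info")
                     #t))
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     ;; The copy in "out" is removed afterwards so the pages
                     ;; live only in the "doc" output.
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("texinfo" ,texinfo) ; XXX needed only to replace prebuilt, unfixed docs.
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)
       ("perl" ,perl)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn" ,libidn)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "http://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)))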
;;; OpenSSL 1.0.2 series.  Built with its own ./config script (not Autoconf),
;;; serially, and with a post-install phase that makes the shared objects
;;; writable so the standard 'strip' phase can process them.
(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2d")
    (source (origin
             (method url-fetch)
             ;; Plain FTP provides no transport authentication; the
             ;; download's integrity rests entirely on the sha256 below.
             (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version
                                 ".tar.gz"))
             (sha256
              (base32
               "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
             (patches (list (search-patch "openssl-runpath.patch")))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (arguments
     ;; Quasiquoted: ,version and the ,@(if ...) below are evaluated on the
     ;; host side when this package is defined; the rest runs on the build
     ;; side.
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'fix-man-dir
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place.  Fix that.
            ;; The regexp matches the whole "MANDIR = ..." line so the
            ;; original value is replaced, not appended to.
            (let ((out (assoc-ref outputs "out")))
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((out (assoc-ref outputs "out")))
              ;; The phase succeeds exactly when ./config exits with 0.
              (zero?
               (system* "./config"
                        "shared"        ;build shared libraries
                        "--libdir=lib"

                        ;; The default for this catch-all directory is
                        ;; PREFIX/ssl.  Change that to something more
                        ;; conventional.
                        (string-append "--openssldir=" out
                                       "/share/openssl-" ,version)

                        (string-append "--prefix=" out)

                        ;; XXX FIXME: Work around a code generation bug in GCC
                        ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                        ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                        ;; Only applies to native armhf builds, never when
                        ;; cross-compiling.
                        ,@(if (and (not (%current-target-system))
                                   (string-prefix? "armhf" (%current-system)))
                              '("-mfpu=vfpv3")
                              '()))))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.
            ;; Only files under lib/ whose name contains ".so" are touched,
            ;; and they become 0644 (owner-writable, not executable).
            (let ((out (assoc-ref outputs "out")))
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; Rewrite the hard-coded /bin/sh and /bin/rm in the test
            ;; scripts; native-inputs is consulted first so the build
            ;; machine's bash is used when cross-compiling.
            ;; NOTE(review): unlike the other phases this one does not end
            ;; with an explicit #t; it relies on substitute*'s return value
            ;; being non-#f.  Adding a trailing #t would make it consistent.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/bash"))
                (("/bin/rm")
                 "rm"))))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     ;;
     ;; NOTE(review): the CA bundle itself does not appear to be installed
     ;; by this package; which certificates end up trusted depends on what
     ;; else provides etc/ssl/certs in the profile -- confirm.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
;;; LibreSSL: OpenSSL fork.  Uses the stock gnu-build-system with no custom
;;; phases or configure flags.
(define-public libressl
  (package
    (name "libressl")
    (version "2.2.0")
    (source
     (origin
       (method url-fetch)
       ;; Plain HTTP; integrity rests on the sha256 below.
       (uri (string-append
             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
             version ".tar.gz"))
       (sha256 (base32
                "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n"))))
    (build-system gnu-build-system)
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     ;;
     ;; Same two variables as the openssl package above, so a profile with
     ;; either library gets the same SSL_CERT_DIR/SSL_CERT_FILE settings.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "http://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
;;; Net::SSLeay: Perl bindings to OpenSSL.  Links against the openssl package
;;; defined above.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                 "Net-SSLeay-" version ".tar.gz"))
             (sha256
              (base32
               "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    (native-inputs
     ;; The patch file is passed as a labelled input so the 'apply-patch'
     ;; phase below can look it up with assoc-ref.
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            ;; The phase succeeds exactly when 'patch' exits with 0.
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Point the module's build at our OpenSSL rather than any
            ;; system-wide installation.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license (package-license perl))
    ;; XXX The URL pins 1.66 while 'version' is 1.68; consider deriving it
    ;; from 'version' so the two cannot drift apart.
    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))