1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
5 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
7 ;;; This file is part of GNU Guix.
9 ;;; GNU Guix is free software; you can redistribute it and/or modify it
10 ;;; under the terms of the GNU General Public License as published by
11 ;;; the Free Software Foundation; either version 3 of the License, or (at
12 ;;; your option) any later version.
14 ;;; GNU Guix is distributed in the hope that it will be useful, but
15 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
16 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 ;;; GNU General Public License for more details.
19 ;;; You should have received a copy of the GNU General Public License
20 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
22 (define-module (gnu packages tls)
23 #:use-module ((guix licenses) #:prefix license:)
24 #:use-module (guix packages)
25 #:use-module (guix download)
26 #:use-module (guix utils)
27 #:use-module (guix build-system gnu)
28 #:use-module (guix build-system perl)
29 #:use-module (gnu packages compression)
30 #:use-module (gnu packages)
31 #:use-module (gnu packages guile)
32 #:use-module (gnu packages libffi)
33 #:use-module (gnu packages libidn)
34 #:use-module (gnu packages nettle)
35 #:use-module (gnu packages perl)
36 #:use-module (gnu packages pkg-config)
37 #:use-module (gnu packages texinfo)
38 #:use-module (gnu packages base))
40 (define-public libtasn1
47 (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
51 "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9"))))
52 (build-system gnu-build-system)
53 (native-inputs `(("perl" ,perl)
55 ;; XXX: For some reason, libtasn1.info wants to be
56 ;; rebuilt, so we must provide 'makeinfo'.
57 ("texinfo" ,texinfo)))
58 (home-page "http://www.gnu.org/software/libtasn1/")
59 (synopsis "ASN.1 library")
61 "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
62 for transmitting machine-neutral encodings of data objects in computer
63 networking, allowing for formal validation of data according to some
65 (license license:lgpl2.0+)))
67 (define-public p11-kit
74 (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-"
78 "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
79 (modules '((guix build utils))) ; for substitute*
82 ;; Drop one test that fails, also when trying to compile manually.
83 ;; Reported upstream at
84 ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
85 (substitute* "Makefile.in"
86 (("test-module\\$\\(EXEEXT\\) ") ""))))))
87 (build-system gnu-build-system)
89 `(("pkg-config" ,pkg-config)))
92 ("libtasn1" ,libtasn1)))
94 `(#:configure-flags '("--without-trust-paths")))
95 (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
96 (synopsis "PKCS#11 library")
98 "p11-kit provides a way to load and enumerate PKCS#11 modules. It
99 provides a standard configuration setup for installing PKCS#11 modules
100 in such a way that they are discoverable. It also solves problems with
101 coordinating the use of PKCS#11 by different components or libraries
102 living in the same process.")
103 (license license:bsd-3)))
105 (define-public gnutls
112 ;; Note: Releases are no longer on ftp.gnu.org since the
113 ;; schism (after version 3.1.5).
114 (string-append "mirror://gnupg/gnutls/v"
115 (version-major+minor version)
116 "/gnutls-" version ".tar.xz"))
119 "0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9"))))
120 (build-system gnu-build-system)
123 (list (string-append "--with-guile-site-dir="
124 (assoc-ref %outputs "out")
125 "/share/guile/site/2.0")
126 ;; GnuTLS doesn't consult any environment variables to specify
127 ;; the location of the system-wide trust store. Instead it has a
128 ;; configure-time option. Unless specified, its configure script
129 ;; attempts to auto-detect the location by looking for common
130 ;; places in the filesystem, none of which are present in our
131 ;; chroot build environment. If not found, then no default trust
132 ;; store is used, so each program has to provide its own
133 ;; fallback, and users have to configure each program
134 ;; independently. This seems suboptimal.
135 "--with-default-trust-store-dir=/etc/ssl/certs"
137 ;; FIXME: Temporarily disable p11-kit support since it is not
138 ;; working on mips64el.
141 #:phases (modify-phases %standard-phases
144 (lambda* (#:key outputs #:allow-other-keys)
145 ;; Copy the 4.1 MiB of section 3 man pages to "doc".
146 (let* ((out (assoc-ref outputs "out"))
147 (doc (assoc-ref outputs "doc"))
148 (mandir (string-append doc "/share/man"))
149 (oldman (string-append out "/share/man/man3")))
151 (copy-recursively oldman mandir)
152 (delete-file-recursively oldman)
154 (outputs '("out" ;4.4 MiB
156 "doc")) ;4.1 MiB of man pages
158 `(("pkg-config" ,pkg-config)
161 `(("guile" ,guile-2.0)
164 ;; These are all in the 'Requires.private' field of gnutls.pc.
165 `(("libtasn1" ,libtasn1)
169 (home-page "http://www.gnu.org/software/gnutls/")
170 (synopsis "Transport layer security library")
172 "GnuTLS is a secure communications library implementing the SSL, TLS
173 and DTLS protocols. It is provided in the form of a C library to support the
174 protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
175 required structures.")
176 (license license:lgpl2.1+)))
178 (define-public openssl
184 (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version
188 "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
189 (patches (list (search-patch "openssl-runpath.patch")))))
190 (build-system gnu-build-system)
191 (native-inputs `(("perl" ,perl)))
193 '(#:parallel-build? #f
199 (lambda* (#:key outputs #:allow-other-keys)
200 (let ((out (assoc-ref outputs "out")))
203 "shared" ; build shared libraries
205 (string-append "--prefix=" out)))))
207 'patch-source-shebangs 'patch-tests
208 (lambda* (#:key inputs native-inputs #:allow-other-keys)
209 (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
210 (substitute* (find-files "test" ".*")
212 (string-append bash "/bin/bash"))
217 ;; FIXME: These two variables must designate a single file or directory
218 ;; and are not actually "search paths." In practice it works OK in user
219 ;; profiles because there's always just one item that matches the
221 (list (search-path-specification
222 (variable "SSL_CERT_DIR")
223 (files '("etc/ssl/certs")))
224 (search-path-specification
225 (variable "SSL_CERT_FILE")
226 (files '("etc/ssl/certs/ca-certificates.crt")))))
227 (synopsis "SSL/TLS implementation")
229 "OpenSSL is an implementation of SSL/TLS")
230 (license license:openssl)
231 (home-page "http://www.openssl.org/")))
233 (define-public libressl
241 "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
244 "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n"))))
245 (build-system gnu-build-system)
247 ;; FIXME: These two variables must designate a single file or directory
248 ;; and are not actually "search paths." In practice it works OK in
249 ;; user profiles because there's always just one item that matches the
251 (list (search-path-specification
252 (variable "SSL_CERT_DIR")
253 (files '("etc/ssl/certs")))
254 (search-path-specification
255 (variable "SSL_CERT_FILE")
256 (files '("etc/ssl/certs/ca-certificates.crt")))))
257 (home-page "http://www.libressl.org/")
258 (synopsis "SSL/TLS implementation")
259 (description "LibreSSL is a version of the TLS/crypto stack forked
260 from OpenSSL in 2014, with the goals of modernizing the codebase, improving
261 security, and applying best practice development processes.")
262 ;; Files taken from OpenSSL keep their license, others are under various
263 ;; non-copyleft licenses.
264 (license (list license:openssl
265 (license:non-copyleft
267 "See COPYING in the distribution.")))))
269 (define-public perl-net-ssleay
271 (name "perl-net-ssleay")
275 (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
276 "Net-SSLeay-" version ".tar.gz"))
279 "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))
281 ;; XXX Try removing this patch for perl-net-ssleay > 1.68
282 (list (search-patch "perl-net-ssleay-disable-ede-test.patch")))))
283 (build-system perl-build-system)
284 (inputs `(("openssl" ,openssl)))
286 `(#:phases (alist-cons-before
287 'configure 'set-ssl-prefix
288 (lambda* (#:key inputs #:allow-other-keys)
289 (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl")))
291 (synopsis "Perl extension for using OpenSSL")
293 "This module offers some high level convenience functions for accessing
294 web pages on SSL servers (for symmetry, the same API is offered for accessing
295 http servers, too), an sslcat() function for writing your own clients, and
296 finally access to the SSL api of the SSLeay/OpenSSL package so you can write
297 servers or clients for more complicated applications.")
298 (license (package-license perl))
299 (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))