Merge branch 'master' into core-updates
[jackhill/guix/guix.git] / gnu / packages / tls.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
5 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
6 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
7 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
8 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
9 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
10 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
11 ;;;
12 ;;; This file is part of GNU Guix.
13 ;;;
14 ;;; GNU Guix is free software; you can redistribute it and/or modify it
15 ;;; under the terms of the GNU General Public License as published by
16 ;;; the Free Software Foundation; either version 3 of the License, or (at
17 ;;; your option) any later version.
18 ;;;
19 ;;; GNU Guix is distributed in the hope that it will be useful, but
20 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 ;;; GNU General Public License for more details.
23 ;;;
24 ;;; You should have received a copy of the GNU General Public License
25 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
26
27 (define-module (gnu packages tls)
28 #:use-module ((guix licenses) #:prefix license:)
29 #:use-module (guix packages)
30 #:use-module (guix download)
31 #:use-module (guix utils)
32 #:use-module (guix build-system gnu)
33 #:use-module (guix build-system perl)
34 #:use-module (guix build-system python)
35 #:use-module (guix build-system cmake)
36 #:use-module (gnu packages compression)
37 #:use-module (gnu packages)
38 #:use-module (gnu packages guile)
39 #:use-module (gnu packages libbsd)
40 #:use-module (gnu packages libffi)
41 #:use-module (gnu packages libidn)
42 #:use-module (gnu packages linux)
43 #:use-module (gnu packages ncurses)
44 #:use-module (gnu packages nettle)
45 #:use-module (gnu packages perl)
46 #:use-module (gnu packages pkg-config)
47 #:use-module (gnu packages python)
48 #:use-module (gnu packages texinfo)
49 #:use-module (gnu packages base)
50 #:use-module (srfi srfi-1))
51
;; GNU libtasn1, an ASN.1 library.  Within this module it is an input of
;; p11-kit and a propagated input of gnutls.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.10")
    (source (origin
              (method url-fetch)
              ;; Fetched from the GNU mirror network; the sha256 below is the
              ;; expected hash of the tarball.
              (uri (string-append "mirror://gnu/libtasn1/libtasn1-" version
                                  ".tar.gz"))
              (sha256
               (base32
                "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
    (build-system gnu-build-system)
    ;; Perl is listed as a native input only, i.e. as a build-time tool.
    (native-inputs `(("perl" ,perl)))
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (home-page "http://www.gnu.org/software/libtasn1/")
    (license license:lgpl2.0+)))
74
;; asn1c, a compiler from ASN.1 module files to C source code.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.27")
    (source
     (origin
       (method url-fetch)
       ;; Upstream release tarball, fetched over HTTPS; the sha256 below is
       ;; the expected hash of that tarball.
       (uri (string-append "https://lionet.info/soft/asn1c-" version
                           ".tar.gz"))
       (sha256
        (base32
         "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))   ;build-time tool only
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (home-page "https://lionet.info/asn1c")
    (license license:bsd-2)))
101
;; p11-kit, a library for loading and enumerating PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://p11-glue.freedesktop.org/releases/p11-kit-"
             version ".tar.gz"))
       (sha256
        (base32
         "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
       (modules '((guix build utils)))  ; for substitute*
       ;; The snippet edits the unpacked source: it removes the
       ;; 'test-module' entry from Makefile.in, so that one test is not
       ;; part of the build.
       (snippet
        '(begin
           ;; Drop one test that fails, also when trying to compile manually.
           ;; Reported upstream at
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs `(("libffi" ,libffi)
              ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): '--without-trust-paths' presumably leaves p11-kit's
     ;; trust module without a compiled-in trust-anchor location; confirm
     ;; against p11-kit's configure documentation before relying on it as a
     ;; source of CA certificates.
     '(#:configure-flags '("--without-trust-paths")))
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (license license:bsd-3)))
139
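;; GnuTLS, built with Guile 2.0 bindings.  Outputs: "out", "debug" and "doc"
;; (the section 3 man pages are moved to "doc" by the 'move-doc' phase).
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.9")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              ;; Expected hash of the release tarball.
              (sha256
               (base32
                "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       ;; The Guile site directory flag must remain the FIRST element of this
       ;; list: 'gnutls/guile-2.2' removes it by taking the 'cdr' of the
       ;; flags.
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store.  Instead it has a
             ;; configure-time option.  Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the file system, none of which are present in our
             ;; chroot build environment.  If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently.  This seems suboptimal.
             ;;
             ;; The directory is an absolute path outside this package's
             ;; outputs, so the set of CA certificates trusted by default is
             ;; whatever is installed there on the system that runs GnuTLS.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             ;; NOTE(review): as a consequence p11-kit is not among the
             ;; inputs below.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc",
                     ;; then delete them from "out".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate format is X.509 (the description previously read
    ;; "X.5009").
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))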
214
(define-public gnutls/guile-2.2
  ;; GnuTLS for Guile 2.2.  This is supported by GnuTLS >= 3.5.5.
  (package
    (inherit gnutls)
    (name "guile2.2-gnutls")
    (arguments
     ;; Remove '--with-guile-site-dir=…/2.0'.  The removal is positional:
     ;; 'cdr' drops whatever flag comes first in gnutls' #:configure-flags,
     ;; so this only works while the site-dir flag is the first element
     ;; there.
     (substitute-keyword-arguments (package-arguments gnutls)
       ((#:configure-flags flags)
        `(cdr ,flags))))
    ;; Same inputs as gnutls, with the "guile" entry replaced by Guile 2.2.
    (inputs (cons `("guile" ,guile-2.2)
                  (alist-delete "guile" (package-inputs gnutls))))))
227
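;; OpenSSL 1.0.2 series.  Outputs: "out", "doc" (section 3 man pages) and
;; "static" (.a archives).  Perl is a build-time tool only and must not be
;; referenced by the result (see #:disallowed-references below).
(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2k")
    (source (origin
              (method url-fetch)
              ;; Two candidate locations: the current release directory and
              ;; the "old/<version without trailing letter>/" directory.
              ;; Both are ftp:// URLs, i.e. an unauthenticated transport, so
              ;; the sha256 below is the integrity check on the tarball.
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
                "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.  The keyword is given exactly
       ;; once: when a keyword is repeated in this list it is left to the
       ;; argument-passing rules which of the values the build receives.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place.  Fix that.
            (let ((out (assoc-ref outputs "out")))
              (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          ;; OpenSSL ships its own './config' script, so the standard
          ;; configure phase is replaced; the phase succeeds when the script
          ;; exits with status 0.
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((out (assoc-ref outputs "out")))
              (zero?
               (system* "./config"
                        "shared"        ;build shared libraries
                        "--libdir=lib"

                        ;; The default for this catch-all directory is
                        ;; PREFIX/ssl.  Change that to something more
                        ;; conventional.
                        (string-append "--openssldir=" out
                                       "/share/openssl-" ,version)

                        (string-append "--prefix=" out)

                        ;; XXX FIXME: Work around a code generation bug in GCC
                        ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                        ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                        ,@(if (and (not (%current-target-system))
                                   (string-prefix? "armhf" (%current-system)))
                              '("-mfpu=vfpv3")
                              '()))))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.  The
            ;; pattern "\\.so" is not anchored, so it matches every file
            ;; under lib/ whose name contains ".so"; each is set to mode 644.
            (let ((out (assoc-ref outputs "out")))
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (doc (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               (delete-file-recursively man3)
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; Rewrite "/bin/sh" and "/bin/rm" in every file under test/:
            ;; the shell becomes the "bash" input's /bin/sh and 'rm' is
            ;; resolved through PATH.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/sh"))
                (("/bin/rm")
                 "rm"))
              #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))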
366
;; OpenSSL 1.1.0 series.  Inherits from 'openssl' and keeps the package name
;; "openssl"; only the source, the outputs and part of the phases differ.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0e")
    (source
     (origin
       (method url-fetch)
       ;; Same two ftp:// locations as for 'openssl'.  The transport is
       ;; unauthenticated; the sha256 is the integrity check on the tarball.
       (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                 name "-" version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/old/"
                                 (string-trim-right version char-set:letter)
                                 "/" name "-" version ".tar.gz")))
       (sha256
        (base32
         "0k47sdd9gs6yxfv6ldlgpld2lyzrkcv9kz4cf88ck04xjwc8dgjp"))
       (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     ;; Start from openssl's arguments and rewrite only #:phases; every
     ;; other keyword is inherited as is.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (lib (string-append out "/lib")))
                 (zero?
                  (system* "./config"
                           "shared"     ;build shared libraries
                           "--libdir=lib"

                           ;; The default for this catch-all directory is
                           ;; PREFIX/ssl.  Change that to something more
                           ;; conventional.
                           (string-append "--openssldir=" out
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" out)
                           ;; Run-time search path pointing at this
                           ;; package's own lib directory.
                           (string-append "-Wl,-rpath," lib)

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
430
;; LibreSSL, the OpenBSD fork of OpenSSL.  In this module it is an input of
;; acme-client.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.1")
    (source
     (origin
       (method url-fetch)
       ;; Plain http:// URL: the transport is unauthenticated, so the sha256
       ;; below is the only integrity check on this tarball.
       (uri (string-append
             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
             version ".tar.gz"))
       (sha256
        (base32
         "1kc709scgd76vk7fld4jnb4wb5lxdv1cj8zsgyjb33xp4jlf06pp"))))
    (build-system gnu-build-system)
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    (home-page "http://www.libressl.org/")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
467
;; Python implementation of the ACME protocol.  certbot (below) takes its
;; version number from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.12.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "acme" version))
       ;; Expected hash of the PyPI source archive.
       (sha256
        (base32
         "1pzv8fcfwdqzvvpyhgjz412is0b98yj9495k8sidzzqgbdmvlp50"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'install 'docs
           ;; Build the man page and Info manual with 'make -C docs' and
           ;; install them; the 'and' stops at the first step that returns
           ;; #f.
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((prefix (assoc-ref outputs "out"))
                    (man1-dir (string-append prefix "/share/man/man1"))
                    (info-dir (string-append prefix "/info")))
               (and (zero? (system* "make" "-C" "docs" "man" "info"))
                    (install-file "docs/_build/texinfo/acme-python.info"
                                  info-dir)
                    (install-file "docs/_build/man/acme-python.1" man1-dir)
                    #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-ndg-httpsclient" ,python-ndg-httpsclient)
       ("python-werkzeug" ,python-werkzeug)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (license license:asl2.0)))
514
;; Python 2 variant of python-acme; certbot lists it as a propagated input.
(define-public python2-acme (package-with-python2 python-acme))
517
;; Certbot, the ACME client; built with Python 2.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    ;;
    ;; The version is read from python-acme while the sha256 below is local
    ;; to this package, so bumping python-acme changes the archive requested
    ;; here and this hash has to be updated along with it.
    (version (package-version python-acme))
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "1dw86gb8lyap5ckjawmli1hxgbchw2g62g1lqfvxyqjv0df94waa"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       #:phases
       (modify-phases %standard-phases
         (add-after 'build 'docs
           ;; Build the man pages and Info manual with 'make -C docs' and
           ;; install them; the 'and' stops at the first step that returns
           ;; #f.
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((prefix (assoc-ref outputs "out"))
                    (man1-dir (string-append prefix "/share/man/man1"))
                    (man7-dir (string-append prefix "/share/man/man7"))
                    (info-dir (string-append prefix "/info")))
               (and
                (zero? (system* "make" "-C" "docs" "man" "info"))
                (install-file "docs/_build/texinfo/Certbot.info" info-dir)
                (install-file "docs/_build/man/certbot.1" man1-dir)
                (install-file "docs/_build/man/certbot.7" man7-dir)
                #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pythondialog" ,python2-pythondialog)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
578
;; Former package name, kept as a copy of certbot whose 'superseded'
;; property points at certbot.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties (list (cons 'superseded certbot)))))
583
;; Net::SSLeay, Perl bindings to OpenSSL; built against the 'openssl'
;; package of this module.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                           "Net-SSLeay-" version ".tar.gz"))
       ;; Expected hash of the CPAN tarball.
       (sha256
        (base32
         "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    (native-inputs
     ;; The patch file is passed as an input and applied by the
     ;; 'apply-patch' phase below rather than through the origin.
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Export the OpenSSL input's directory as OPENSSL_PREFIX before
            ;; the configure phase runs.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license (package-license perl))
    ;; NOTE(review): this URL names release 1.66 while the package version
    ;; above is 1.68 -- confirm which page is intended.
    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
627
;; Crypt::OpenSSL::RSA, RSA operations on top of the OpenSSL libraries.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version ".tar.gz"))
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Shared with the other Crypt::OpenSSL::* packages in this file: a phase
    ;; that rewrites the 'LIBS' entry of Makefile.PL.
    (arguments perl-crypt-arguments)
    (synopsis "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (license (package-license perl))))
655
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; Before 'configure', the line of Makefile.PL that sets 'LIBS' is replaced
;; so that it links with -lcrypto from the lib directory of the "openssl"
;; input; a package using these arguments therefore needs an input with
;; that label.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*")
             (string-append "'LIBS' => ['-L"
                            (assoc-ref inputs "openssl")
                            "/lib -lcrypto'],")))
          #t)))))
665
;; Crypt::OpenSSL::Bignum, Perl access to OpenSSL's multiprecision integers.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version ".tar.gz"))
       (sha256
        (base32
         "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared phase that rewrites the 'LIBS' entry of Makefile.PL.
    (arguments perl-crypt-arguments)
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    ;; At your option either gpl1+ or the Artistic License
    (license (package-license perl))))
691
;; Crypt::OpenSSL::Random, Perl access to the OpenSSL/LibreSSL pseudo-random
;; number generator.  Built against the 'openssl' package of this module.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version ".tar.gz"))
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared phase that rewrites the 'LIBS' entry of Makefile.PL.
    (arguments perl-crypt-arguments)
    (synopsis "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (license (package-license perl))))
716
;; acme-client, the portable release of OpenBSD's ACME client; linked
;; against libbsd and LibreSSL.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://kristaps.bsd.lv/" name "/snapshots/"
                           name "-portable-" version ".tgz"))
       ;; Expected hash of the snapshot tarball.
       (sha256
        (base32
         "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Replace the hard-coded "/etc/ssl/cert.pem" in http.c with
             ;; the cert.pem under the libressl input.
             ;; NOTE(review): this fixes the CA bundle used by acme-client
             ;; to the one shipped by that libressl build instead of a
             ;; system-wide store, so it only changes when libressl does --
             ;; confirm that this is intended.
             (let ((ca-bundle (string-append (assoc-ref inputs "libressl")
                                             "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") ca-bundle))
               #t)))
         (delete 'configure))))         ; no './configure' script
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs `(("libbsd" ,libbsd)
              ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
759
;; The "-apache" variant is the one preferred by upstream.  A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.4.0")
    (source
     (origin
       (method url-fetch)
       ;; XXX: The download links on the website are script redirection links
       ;; which effectively lead to the format listed in the uri here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-" version
                           "-apache.tgz"))
       ;; Expected hash of the release tarball.
       (sha256
        (base32
         "03bzbfidigljva6xj49k38q3kwlbj75lrky4a0ainylzsfg5bhy1"))))
    (build-system cmake-build-system)
    (native-inputs `(("perl" ,perl)))   ;build-time tool only
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))