git: e4321009ba2e - main - security/mod_tls: Add new Apache httpd TLS module
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 25 Jan 2025 12:08:14 UTC
The branch main has been updated by brnrd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=e4321009ba2e4d9cc753f88dea3769f46ae9321b
commit e4321009ba2e4d9cc753f88dea3769f46ae9321b
Author: Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2025-01-25 12:06:17 +0000
Commit: Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2025-01-25 12:06:17 +0000
security/mod_tls: Add new Apache httpd TLS module
* This (experimental) module was part of www/apache24 up to 2.4.62
Differential Revision: https://reviews.freebsd.org/D48514
---
www/Makefile | 1 +
www/mod_tls/Makefile | 39 +++++++++++++++++++++++++++++++++++
www/mod_tls/distinfo | 3 +++
www/mod_tls/files/001-mod_tls.conf.in | 21 +++++++++++++++++++
www/mod_tls/pkg-descr | 2 ++
www/mod_tls/pkg-message | 18 ++++++++++++++++
www/mod_tls/pkg-plist | 8 +++++++
7 files changed, 92 insertions(+)
diff --git a/www/Makefile b/www/Makefile
index d7bcd6d80d7d..57eb56952c18 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -427,6 +427,7 @@
SUBDIR += mod_scgi
SUBDIR += mod_security
SUBDIR += mod_setenvifplus
+ SUBDIR += mod_tls
SUBDIR += mod_umask
SUBDIR += mod_webauth
SUBDIR += mod_webkit
diff --git a/www/mod_tls/Makefile b/www/mod_tls/Makefile
new file mode 100644
index 000000000000..66fd64fc1032
--- /dev/null
+++ b/www/mod_tls/Makefile
@@ -0,0 +1,39 @@
+PORTNAME= mod_tls
+PORTVERSION= 0.14.0
+CATEGORIES= www security
+MASTER_SITES= https://github.com/icing/mod_tls/releases/download/v${DISTVERSION}/
+PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX}
+
+MAINTAINER= brnrd@FreeBSD.org
+COMMENT= rustls based TLS for Apache httpd
+WWW= https://github.com/icing/mod_tls
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= rustls-ffi==0.14.0:security/rustls-ffi
+LIB_DEPENDS= librustls.so:security/rustls-ffi
+
+INSTALL_TARGET= install-strip
+
+USES= apache libtool
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --with-rustls=${LOCALBASE}
+
+MODULENAME= mod_tls
+
+SUB_FILES= 001-mod_tls.conf
+PORTDOCS= README README.md
+
+OPTIONS_DEFINE= DOCS
+
+.include <bsd.port.pre.mk>
+
+post-install:
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/${APACHEMODDIR}/${MODULENAME}.so.0.0.0
+ ${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d
+ ${INSTALL_DATA} ${WRKDIR}/001-mod_tls.conf \
+ ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d/001-mod_tls.conf.sample
+ ${RM} ${STAGEDIR}${DOCSDIR}/LICENSE
+
+.include <bsd.port.post.mk>
diff --git a/www/mod_tls/distinfo b/www/mod_tls/distinfo
new file mode 100644
index 000000000000..d9c451c07181
--- /dev/null
+++ b/www/mod_tls/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1730551891
+SHA256 (mod_tls-0.14.0.tar.gz) = 701db868a4fb2cd85b272e5defc2841dcc81eda2546bfa6fbf5c209774b4edcb
+SIZE (mod_tls-0.14.0.tar.gz) = 563693
diff --git a/www/mod_tls/files/001-mod_tls.conf.in b/www/mod_tls/files/001-mod_tls.conf.in
new file mode 100644
index 000000000000..3f2bd2b240b7
--- /dev/null
+++ b/www/mod_tls/files/001-mod_tls.conf.in
@@ -0,0 +1,21 @@
+# To enable, uncomment the LoadModule line
+
+# LoadModule tls_module %%APACHE_MODDIR%%/mod_tls.so
+
+<IfModule tls_module>
+ TLSEngine 443
+ TLSStrictSNI on
+</IfModule>
+
+# Switching from mod_ssl to mod_tls
+#
+# Replace the mod_ssl config
+#
+# SSLEngine on
+# SSLCertificateFile file_with_certificate.pem
+# SSLCertificateKeyFile file_with_key.pem
+#
+# with
+#
+# TLSEngine 443
+# TLSCertificate file_with_certificate.pem file_with_key.pem
diff --git a/www/mod_tls/pkg-descr b/www/mod_tls/pkg-descr
new file mode 100644
index 000000000000..c4767ff09d20
--- /dev/null
+++ b/www/mod_tls/pkg-descr
@@ -0,0 +1,2 @@
+A module for Apache httpd that uses rustls to provide a memory safe TLS
+implementation in Rust.
diff --git a/www/mod_tls/pkg-message b/www/mod_tls/pkg-message
new file mode 100644
index 000000000000..41ad11adbc90
--- /dev/null
+++ b/www/mod_tls/pkg-message
@@ -0,0 +1,18 @@
+[
+{ type: install
+ message: <<EOM
+
+To enable mod_tls, uncomment the LoadModule line in
+apache24/modules.d/001-mod_tls.conf
+
+ LoadModule tls_module ${modDir}/mod_tls.so
+
+This module can co-exist with mod_ssl, it is your configuration that
+uses one or the other.
+
+To switch from mod_ssl, check the documentation on
+https://github.com/icing/mod_tls#configuration.
+
+EOM
+}
+]
diff --git a/www/mod_tls/pkg-plist b/www/mod_tls/pkg-plist
new file mode 100644
index 000000000000..98d22e927cf9
--- /dev/null
+++ b/www/mod_tls/pkg-plist
@@ -0,0 +1,8 @@
+@sample %%APACHEETCDIR%%/modules.d/001-mod_tls.conf.sample
+lib/mod_tls.a
+lib/%%AP_MODULE%%
+lib/%%AP_MODULE%%.0
+lib/%%AP_MODULE%%.0.0.0
+%%APACHEMODDIR%%/%%AP_MODULE%%
+%%APACHEMODDIR%%/%%AP_MODULE%%.0.0.0
+