svn commit: r563255 - in head/security/wolfssl: . files
Santhosh Raju
fox at FreeBSD.org
Fri Jan 29 22:11:12 UTC 2021
Author: fox
Date: Fri Jan 29 22:11:11 2021
New Revision: 563255
URL: https://svnweb.freebsd.org/changeset/ports/563255
Log:
security/wolfssl: Add DEBUG option and enable more features.
- Set --enable-opensslall which is needed for
wolfSSL_X509_NAME_print_ex() and friends.
- Set --enable-certgen to allow certificate generation.
- Define WOLFSSL_ALT_NAMES so one can generate certificates
with the Subject Alternative Name extension.
- Set --enable-sessioncerts to allow to inspect certificates
with wolfSSL_get_peer_cert_chain().
- Set --enable-des3 so one can load PBES2-3DES-CBC-encoded keys.
Additionally a patch to prevent memory leaks is included.
PR: 252829
Submitted by: Fabian Keil <fk at fabiankeil.de>
Reported by: Fabian Keil <fk at fabiankeil.de>
Approved by: fox (maintainer)
Added:
head/security/wolfssl/files/
head/security/wolfssl/files/patch-src-ssl.c (contents, props changed)
Modified:
head/security/wolfssl/Makefile
Modified: head/security/wolfssl/Makefile
==============================================================================
--- head/security/wolfssl/Makefile Fri Jan 29 21:59:39 2021 (r563254)
+++ head/security/wolfssl/Makefile Fri Jan 29 22:11:11 2021 (r563255)
@@ -2,9 +2,11 @@
PORTNAME= wolfssl
PORTVERSION= 4.6.0
+PORTREVISION= 1
CATEGORIES= security devel
MASTER_SITES= https://www.wolfssl.com/ \
LOCAL/fox
+
MAINTAINER= fox at FreeBSD.org
COMMENT= Embedded SSL C-Library
@@ -16,14 +18,18 @@ USE_LDCONFIG= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --disable-dependency-tracking \
+ --enable-certgen \
+ --enable-des3 \
--enable-dh \
--enable-dsa \
--enable-dtls \
--enable-ecc \
--enable-ipv6 \
--enable-keygen \
+ --enable-opensslall \
--enable-opensslextra \
--enable-ripemd \
+ --enable-sessioncerts \
--enable-sha512 \
--enable-shared \
--enable-sni \
@@ -32,9 +38,12 @@ CONFIGURE_ARGS= --disable-dependency-tracking \
--enable-tls13 \
--enable-tls13-draft18
TEST_TARGET= check
+CFLAGS+= -DWOLFSSL_ALT_NAMES
PORTDOCS= *
-OPTIONS_DEFINE= DOCS
+OPTIONS_DEFINE= DEBUG DOCS
+DEBUG_CONFIGURE_ON= --enable-debug
+
post-configure:
@${REINPLACE_CMD} \
-e 's|$${prefix}/cyassl/include|$${prefix}/include/cyassl|' \
@@ -42,7 +51,7 @@ post-configure:
-e '/^pkgconfigdir/s|(libdir)|&data|' \
${WRKSRC}/Makefile
-post-install:
+post-install-DEBUG-off:
@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libwolfssl.so
.include <bsd.port.mk>
Added: head/security/wolfssl/files/patch-src-ssl.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wolfssl/files/patch-src-ssl.c Fri Jan 29 22:11:11 2021 (r563255)
@@ -0,0 +1,31 @@
+From 0aead8cb868003a5dff2e81d6a7ffd7579652610 Mon Sep 17 00:00:00 2001
+From: Fabian Keil <fk at fabiankeil.de>
+Date: Sun, 17 Jan 2021 11:21:59 +0100
+Subject: [PATCH] wolfSSL_CertManagerFree(): free refMutex
+
+Fixes memory leaks like:
+ ==323== 96 bytes in 1 blocks are definitely lost in loss record 3 of 4
+ ==323== at 0x4C291E1: calloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
+ ==323== by 0x585495F: pthread_mutex_init (in /lib/libthr.so.3)
+ ==323== by 0x4E7B5E8: wc_InitMutex (wc_port.c:1071)
+ ==323== by 0x4F09540: wolfSSL_CertManagerNew_ex (ssl.c:3596)
+ ==323== by 0x4EC6A81: InitSSL_Ctx (internal.c:1752)
+ ==323== by 0x4F0441E: wolfSSL_CTX_new_ex (ssl.c:394)
+ ==323== by 0x4F04658: wolfSSL_CTX_new (ssl.c:436)
+ ==323== by 0x400AA2: main (wolfssl-ctx-leak.c:9)
+
+This is a partial cherry-pick of upstream commit
+9598c037168b73ce2f by Tesfa Mael.
+--- src/ssl.c.orig 2020-12-23 02:15:20 UTC
++++ src/ssl.c
+@@ -3663,7 +3663,9 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
+ FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);
+ wc_FreeMutex(&cm->tpLock);
+ #endif
+-
++ if (wc_FreeMutex(&cm->refMutex) != 0) {
++ WOLFSSL_MSG("Couldn't free refMutex mutex");
++ }
+ XFREE(cm, cm->heap, DYNAMIC_TYPE_CERT_MANAGER);
+ }
+ }
More information about the svn-ports-all
mailing list