openssl: Disable SSLv3 and SSLv2 by default
[ipfire-2.x.git] / lfs / openssl
CommitLineData
cd1a2927 1###############################################################################
cd1a2927 2# #
70df8302 3# IPFire.org - A linux based firewall #
b1f11b04 4# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
70df8302
MT
5# #
6# This program is free software: you can redistribute it and/or modify #
cd1a2927 7# it under the terms of the GNU General Public License as published by #
70df8302 8# the Free Software Foundation, either version 3 of the License, or #
cd1a2927
MT
9# (at your option) any later version. #
10# #
70df8302 11# This program is distributed in the hope that it will be useful, #
cd1a2927
MT
12# but WITHOUT ANY WARRANTY; without even the implied warranty of #
13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14# GNU General Public License for more details. #
15# #
16# You should have received a copy of the GNU General Public License #
70df8302 17# along with this program. If not, see <http://www.gnu.org/licenses/>. #
cd1a2927 18# #
cd1a2927
MT
19###############################################################################
20
21###############################################################################
22# Definitions
23###############################################################################
24
25include Config
26
08e5991c 27VER = 1.0.1k
cd1a2927
MT
28
29THISAPP = openssl-$(VER)
30DL_FILE = $(THISAPP).tar.gz
50f96334 31DL_FROM = $(URL_IPFIRE)
cd1a2927
MT
32DIR_APP = $(DIR_SRC)/$(THISAPP)
33TARGET = $(DIR_INFO)/$(THISAPP)
34
0f90adc0
EK
35ifeq "$(MACHINE)" "i586"
36 CONFIGURE_ARGS = linux-elf no-asm 386
37endif
38
39ifeq "$(MACHINE)" "armv5tel"
40 CONFIGURE_ARGS = linux-generic32
41endif
42
43CFLAGS += -DPURIFY
44export RPM_OPT_FLAGS = $(CFLAGS)
45
cd1a2927
MT
46###############################################################################
47# Top-level Rules
48###############################################################################
49
50objects = $(DL_FILE)
51
52$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
53
08e5991c 54$(DL_FILE)_MD5 = d4f002bd22a56881340105028842ae1f
cd1a2927
MT
55
56install : $(TARGET)
57
58check : $(patsubst %,$(DIR_CHK)/%,$(objects))
59
60download :$(patsubst %,$(DIR_DL)/%,$(objects))
61
62md5 : $(subst %,%_MD5,$(objects))
63
64###############################################################################
65# Downloading, checking, md5sum
66###############################################################################
67
68$(patsubst %,$(DIR_CHK)/%,$(objects)) :
69 @$(CHECK)
70
71$(patsubst %,$(DIR_DL)/%,$(objects)) :
72 @$(LOAD)
73
74$(subst %,%_MD5,$(objects)) :
75 @$(MD5)
76
77###############################################################################
78# Installation Details
79###############################################################################
80
81$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
82 @$(PREBUILD)
83 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
0f90adc0
EK
84 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
85 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch
86 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch
87 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch
33c4c29b 88 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch
d0bd5afe 89 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
0f90adc0
EK
90
91 cd $(DIR_APP) && find crypto/ -name Makefile -exec \
92 sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
93
94 cd $(DIR_APP) && ./Configure \
95 --prefix=/usr \
96 --openssldir=/etc/ssl \
97 --enginesdir=/usr/lib/openssl/engines \
98 shared \
99 zlib-dynamic \
100 enable-camellia \
101 enable-md2 \
102 enable-seed \
103 enable-tlsext \
104 enable-rfc3779 \
105 no-idea \
106 no-mdc2 \
107 no-rc5 \
108 no-srp \
109 $(CONFIGURE_ARGS) \
110 -DSSL_FORBID_ENULL \
111 -DHAVE_CRYPTODEV \
112 -DUSE_CRYPTODEV_DIGEST
113
114 cd $(DIR_APP) && make depend
115 cd $(DIR_APP) && make
116
117 # Install everything.
118 cd $(DIR_APP) && make install
cd1a2927 119 install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
0f90adc0
EK
120
121 # Remove man pages.
122 -rm -vfr /etc/ssl/man
123
124 # Move engines to the right place.
125 -mkdir -pv /usr/lib/openssl
126 rm -vfr /usr/lib/openssl/engines
127 mv -v /usr/lib/engines /usr/lib/openssl
128
cd1a2927
MT
129 @rm -rf $(DIR_APP)
130 @$(POSTBUILD)