83 lines
2.5 KiB
Ruby
83 lines
2.5 KiB
Ruby
# GnuTLS has previous, current, and next stable branches, we use current.
|
|
# From 3.4.0 GnuTLS will be permanently disabling SSLv3. Every brew uses will need a revision with that.
|
|
# http://nmav.gnutls.org/2014/10/what-about-poodle.html
|
|
class Gnutls < Formula
|
|
desc "GNU Transport Layer Security (TLS) Library"
|
|
homepage "http://gnutls.org"
|
|
url "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.15.tar.xz"
|
|
mirror "https://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/gnutls/v3.3/gnutls-3.3.15.tar.xz"
|
|
sha256 "8961227852911a1974e15bc017ddbcd4779876c867226d199f06648d8b27ba4b"
|
|
|
|
bottle do
|
|
cellar :any
|
|
sha256 "f0762b7145a3c15501643ce1ee26b4106787d7d6398624be29265da9d6da8086" => :yosemite
|
|
sha256 "e13e1b032bbfd5cf57f3a9652ce41ad43ef20f906e12e5002f596a37e9334e5a" => :mavericks
|
|
sha256 "66e1a2b340ab7d3244dbf7b4f918e01e63ccc42950f1a4a4c938723ff06a52ad" => :mountain_lion
|
|
end
|
|
|
|
depends_on "pkg-config" => :build
|
|
depends_on "libtasn1"
|
|
depends_on "gmp"
|
|
depends_on "nettle"
|
|
depends_on "guile" => :optional
|
|
depends_on "p11-kit" => :optional
|
|
depends_on "unbound" => :optional
|
|
|
|
fails_with :llvm do
|
|
build 2326
|
|
cause "Undefined symbols when linking"
|
|
end
|
|
|
|
def install
|
|
args = %W[
|
|
--disable-dependency-tracking
|
|
--disable-silent-rules
|
|
--disable-static
|
|
--prefix=#{prefix}
|
|
--sysconfdir=#{etc}
|
|
--with-default-trust-store-file=#{etc}/openssl/cert.pem
|
|
--disable-heartbeat-support
|
|
]
|
|
|
|
if build.with? "guile"
|
|
args << "--enable-guile"
|
|
args << "--with-guile-site-dir=no"
|
|
end
|
|
|
|
system "./configure", *args
|
|
system "make", "install"
|
|
|
|
# certtool shadows the OS X certtool utility
|
|
mv bin/"certtool", bin/"gnutls-certtool"
|
|
mv man1/"certtool.1", man1/"gnutls-certtool.1"
|
|
end
|
|
|
|
def post_install
|
|
keychains = %w[
|
|
/Library/Keychains/System.keychain
|
|
/System/Library/Keychains/SystemRootCertificates.keychain
|
|
]
|
|
|
|
certs_list = `security find-certificate -a -p #{keychains.join(" ")}`
|
|
certs = certs_list.scan(
|
|
/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
|
|
)
|
|
|
|
valid_certs = certs.select do |cert|
|
|
IO.popen("openssl x509 -inform pem -checkend 0 -noout", "w") do |openssl_io|
|
|
openssl_io.write(cert)
|
|
openssl_io.close_write
|
|
end
|
|
|
|
$?.success?
|
|
end
|
|
|
|
openssldir = etc/"openssl"
|
|
openssldir.mkpath
|
|
(openssldir/"cert.pem").atomic_write(valid_certs.join("\n"))
|
|
end
|
|
|
|
test do
|
|
system bin/"gnutls-cli", "--version"
|
|
end
|
|
end
|