security/mod_tls: Add new Apache httpd TLS module

* This (experimental) module was part of www/apache24 up to 2.4.62 Differential Revision: https://reviews.freebsd.org/D48514
2025-05-12 15:21:51 -04:00 · 2025-01-25 13:06:17 +01:00 · 2025-01-25 13:06:17 +01:00 · e4321009ba
commit e4321009ba
parent 1004d92911
7 changed files with 92 additions and 0 deletions
--- a/www/Makefile
+++ b/www/Makefile
@ -427,6 +427,7 @@
    SUBDIR += mod_scgi
    SUBDIR += mod_security
    SUBDIR += mod_setenvifplus
+    SUBDIR += mod_tls
    SUBDIR += mod_umask
    SUBDIR += mod_webauth
    SUBDIR += mod_webkit
--- a/www/mod_tls/Makefile
+++ b/www/mod_tls/Makefile
@ -0,0 +1,39 @@
+PORTNAME=	mod_tls
+PORTVERSION=	0.14.0
+CATEGORIES=	www security
+MASTER_SITES=	https://github.com/icing/mod_tls/releases/download/v${DISTVERSION}/
+PKGNAMEPREFIX=	${APACHE_PKGNAMEPREFIX}
+
+MAINTAINER=	brnrd@FreeBSD.org
+COMMENT=	rustls based TLS for Apache httpd
+WWW=		https://github.com/icing/mod_tls
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	rustls-ffi==0.14.0:security/rustls-ffi
+LIB_DEPENDS=	librustls.so:security/rustls-ffi
+
+INSTALL_TARGET=	install-strip
+
+USES=		apache libtool
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--with-rustls=${LOCALBASE}
+
+MODULENAME=	mod_tls
+
+SUB_FILES=	001-mod_tls.conf
+PORTDOCS=	README README.md
+
+OPTIONS_DEFINE=	DOCS
+
+.include <bsd.port.pre.mk>
+
+post-install:
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/${APACHEMODDIR}/${MODULENAME}.so.0.0.0
+	${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d
+	${INSTALL_DATA} ${WRKDIR}/001-mod_tls.conf \
+		${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d/001-mod_tls.conf.sample
+	${RM} ${STAGEDIR}${DOCSDIR}/LICENSE
+
+.include <bsd.port.post.mk>
--- a/www/mod_tls/distinfo
+++ b/www/mod_tls/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1730551891
+SHA256 (mod_tls-0.14.0.tar.gz) = 701db868a4fb2cd85b272e5defc2841dcc81eda2546bfa6fbf5c209774b4edcb
+SIZE (mod_tls-0.14.0.tar.gz) = 563693
--- a/www/mod_tls/files/001-mod_tls.conf.in
+++ b/www/mod_tls/files/001-mod_tls.conf.in
@ -0,0 +1,21 @@
+# To enable, uncomment the LoadModule line
+
+# LoadModule tls_module %%APACHE_MODDIR%%/mod_tls.so
+
+<IfModule tls_module>
+    TLSEngine 443
+    TLSStrictSNI on
+</IfModule>
+
+# Switching from mod_ssl to mod_tls
+#
+# Replace the mod_ssl config
+#
+#     SSLEngine on
+#     SSLCertificateFile file_with_certificate.pem
+#     SSLCertificateKeyFile file_with_key.pem
+#
+# with
+#
+#     TLSEngine 443
+#     TLSCertificate file_with_certificate.pem file_with_key.pem
--- a/www/mod_tls/pkg-descr
+++ b/www/mod_tls/pkg-descr
@ -0,0 +1,2 @@
+A module for Apache httpd that uses rustls to provide a memory safe TLS
+implementation in Rust.
--- a/www/mod_tls/pkg-message
+++ b/www/mod_tls/pkg-message
@ -0,0 +1,18 @@
+[
+{ type: install
+  message: <<EOM
+
+To enable mod_tls, uncomment the LoadModule line in
+apache24/modules.d/001-mod_tls.conf
+
+    LoadModule tls_module  ${modDir}/mod_tls.so
+
+This module can co-exist with mod_ssl, it is your configuration that
+uses one or the other.
+
+To switch from mod_ssl, check the documentation on
+https://github.com/icing/mod_tls#configuration.
+
+EOM
+}
+]
--- a/www/mod_tls/pkg-plist
+++ b/www/mod_tls/pkg-plist
@ -0,0 +1,8 @@
+@sample %%APACHEETCDIR%%/modules.d/001-mod_tls.conf.sample
+lib/mod_tls.a
+lib/%%AP_MODULE%%
+lib/%%AP_MODULE%%.0
+lib/%%AP_MODULE%%.0.0.0
+%%APACHEMODDIR%%/%%AP_MODULE%%
+%%APACHEMODDIR%%/%%AP_MODULE%%.0.0.0
+