[PATCH] Libressl

[Andreas Enge <andreas@enge.fr>]

[-- Attachment #1: Type: text/plain, Size: 441 bytes --]

Hello,

the attached patch adds libressl. As you can see, it is quite a bit simpler
than the openssl package, which already inspires confidence. I think we
should add the package; the next question would be whether we should switch
all inputs from openssl to libressl. I tried it for fetchmail, and it works
just the same.

I also wonder whether we should not unite gnutls.scm and openssl.scm into
one tls.scm.

What do you think?

Andreas


[-- Attachment #2: 0001-gnu-Add-libressl.patch --]
[-- Type: text/plain, Size: 2244 bytes --]

From 5e84bb645666deb410181cf24501c449597ebc4c Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Mon, 15 Jun 2015 13:45:34 +0200
Subject: [PATCH] gnu: Add libressl.

* gnu/packages/openssl.scm (libressl): New variable.
---
 gnu/packages/openssl.scm | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/openssl.scm b/gnu/packages/openssl.scm
index dec51a1..0185d45 100644
--- a/gnu/packages/openssl.scm
+++ b/gnu/packages/openssl.scm
@@ -113,4 +113,38 @@ servers or clients for more complicated applications.")
     (license (package-license perl))
     (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
 
-
+(define-public libressl
+  (package
+    (name "libressl")
+    (version "2.2.0")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append
+             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
+             version ".tar.gz"))
+      (sha256 (base32
+               "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n"))))
+    (build-system gnu-build-system)
+    (native-search-paths
+      ;; FIXME: These two variables must designate a single file or directory
+      ;; and are not actually "search paths."  In practice it works OK in
+      ;; user profiles because there's always just one item that matches the
+      ;; specification.
+     (list (search-path-specification
+            (variable "SSL_CERT_DIR")
+            (files '("etc/ssl/certs")))
+           (search-path-specification
+            (variable "SSL_CERT_FILE")
+            (files '("etc/ssl/certs/ca-certificates.crt")))))
+    (home-page "http://www.libressl.org/")
+    (synopsis "SSL/TLS implementation")
+    (description "LibreSSL is a version of the TLS/crypto stack forked
+from OpenSSL in 2014, with the goals of modernizing the codebase, improving
+security, and applying best practice development processes.")
+    ;; Files taken from OpenSSL keep their license, others are under various
+    ;; non-copyleft licenses.
+    (license (list license:openssl
+                   (license:non-copyleft
+                     "file://COPYING"
+                     "See COPYING in the distribution.")))))
-- 
2.2.1