authorJean-Yves Lefort <jylefort@FreeBSD.org>2005-05-23 22:21:25 +0000
committerJean-Yves Lefort <jylefort@FreeBSD.org>2005-05-23 22:21:25 +0000
commit9e01a15a9e7a21c24d7218d9348be55257b501cd (patch)
treebc94d035785acb4bf8d5af10a8b5a9ded60b9b52 /security/openscep
parentbf9a2be8e16be3ec91828db9152a641cdaf5f54d (diff)
Add openscep.
OpenSCEP is an open source implementation of the SCEP protocol used by Cisco routers for certificate enrollment to build VPNs. It implements most of the draft specification. OpenSCEP includes a client and a server implementation, as well as some CGI programs to simplify certificate and revocation list management. WWW: http://openscep.othello.ch/ PR: ports/81264 Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
Notes
Notes: svn path=/head/; revision=135991
Diffstat (limited to 'security/openscep')
-rw-r--r--security/openscep/Makefile73
-rw-r--r--security/openscep/distinfo2
-rw-r--r--security/openscep/files/patch-include_openscep_err.h36
-rw-r--r--security/openscep/files/patch-lib_Makefile.in37
-rw-r--r--security/openscep/files/patch-lib_decode.c10
-rw-r--r--security/openscep/files/patch-lib_http.c10
-rw-r--r--security/openscep/files/patch-lib_init.c22
-rw-r--r--security/openscep/files/patch-lib_isasu.c28
-rw-r--r--security/openscep/files/patch-lib_openscep__err.c139
-rw-r--r--security/openscep/files/patch-lib_payload.c28
-rw-r--r--security/openscep/files/patch-lib_sigattr.c35
-rw-r--r--security/openscep/files/patch-scepd_Makefile.in11
-rw-r--r--security/openscep/files/patch-scepd_dn2xid.c10
-rw-r--r--security/openscep/files/patch-scepd_sceplist.c32
-rw-r--r--security/openscep/files/pkg-deinstall.in9
-rw-r--r--security/openscep/files/pkg-install.in7
-rw-r--r--security/openscep/files/pkg-message.in14
-rw-r--r--security/openscep/pkg-descr8
-rw-r--r--security/openscep/pkg-plist73
19 files changed, 584 insertions, 0 deletions
diff --git a/security/openscep/Makefile b/security/openscep/Makefile
new file mode 100644
index 000000000000..02bbbbe71599
--- /dev/null
+++ b/security/openscep/Makefile
@@ -0,0 +1,73 @@
+# New ports collection makefile for: openscep
+# Date created: May 19 2005
+# Whom: Vsevolod Stakhov
+#
+# $FreeBSD$
+#
+
+PORTNAME= openscep
+PORTVERSION= 0.4.2
+CATEGORIES= security
+MASTER_SITES= http://openscep.othello.ch/download/
+
+MAINTAINER= vsevolod@highsecure.ru
+COMMENT= Open source scep server
+
+USE_REINPLACE= yes
+USE_OPENSSL= yes
+USE_OPENLDAP= yes
+USE_APACHE= yes
+USE_LIBTOOL_VER=15
+USE_GMAKE= yes
+
+CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
+ LIBS="-L${LOCALBASE}/lib"
+CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+CONFIGURE_ARGS= --with-html-install-dir="${PREFIX}/www/openscep" \
+ --with-cgi-install-dir="${PREFIX}/www/cgi-bin/openscep" \
+ --with-openscep-dir="${PREFIX}/etc/openscep" \
+ --with-pkiclientexe="${PREFIX}/www/cgi-bin/pkiclient.exe"
+
+MAKE_ENV= CPPFLAGS="-I${LOCALBASE}/include"
+
+CONF_DIR= ${PREFIX}/etc/${PORTNAME}
+CONF_FILES= openscep.cnf openscep.ldif openscep.schema slapd.conf
+
+SUB_FILES= pkg-deinstall pkg-install pkg-message
+SUB_LIST= CONF_DIR="${CONF_DIR}" CONF_FILES="${CONF_FILES}"
+
+MAN1= derdump.1 \
+ scep.1 \
+ scepclient.1 \
+ scepconf.1 \
+ sceplist.1 \
+ scepxid.1
+MAN5= openscep.cnf.5
+MAN8= cafingerprint.8 \
+ createcrl.8 \
+ crl2ldap.8 \
+ dn2xid.8 \
+ scepd.8 \
+ scepgrant.8 \
+ scepreject.8 \
+ updatecrl.8
+
+post-patch:
+ @${REINPLACE_CMD} -e '/^subdirs=/ s|libltdl||' ${WRKSRC}/configure
+ @${REINPLACE_CMD} -e '/^SUBDIRS =/ s|libltdl||' ${WRKSRC}/Makefile.in
+ @${REINPLACE_CMD} -e 's|^\(install-data-am:\) install-data-local$$|\1|' \
+ ${WRKSRC}/ldap/Makefile.in ${WRKSRC}/openssl/Makefile.in
+
+post-install:
+ ${MKDIR} ${CONF_DIR}
+ ${INSTALL_DATA} ${WRKSRC}/openssl/openscep.cnf ${CONF_DIR}/openscep.cnf.default
+.for f in openscep.ldif openscep.schema slapd.conf
+ ${INSTALL_DATA} ${WRKSRC}/ldap/${f} ${CONF_DIR}/${f}.default
+.endfor
+ ${CHOWN} www:www ${PREFIX}/www/cgi-bin/openscep/*
+ ${CHOWN} www:www ${PREFIX}/www/cgi-bin/pkiclient.exe
+ ${CHOWN} www:www ${PREFIX}/etc/openscep/*
+ @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
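Review bot: The three `${CHOWN} www:www` lines in post-install give the CGI programs, `pkiclient.exe` and everything under `${PREFIX}/etc/openscep` to the account the web server runs as, so a flaw in any one CGI lets that account rewrite the code it executes and the shipped configuration. The executables only need to be readable and executable by www; keeping them root-owned, e.g. `${CHOWN} root:www ${PREFIX}/www/cgi-bin/openscep/* ${PREFIX}/www/cgi-bin/pkiclient.exe`, and granting www write access only to the data directories the CGIs must update (which ones is not visible here) would narrow that. The chown also runs before `${PKGINSTALL}`, so the live configs that pkg-install creates with `cp -p` from the `.default` files inherit www ownership as well. A short comment above the chown lines stating which paths really need web-server write access would help the next maintainer.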
diff --git a/security/openscep/distinfo b/security/openscep/distinfo
new file mode 100644
index 000000000000..ce0b7f404da7
--- /dev/null
+++ b/security/openscep/distinfo
@@ -0,0 +1,2 @@
+MD5 (openscep-0.4.2.tar.gz) = 484123dd1f02cc98b1a81ecb1f95aa59
+Size (openscep-0.4.2.tar.gz) = 416294
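Review bot: The distfile is pinned only by an MD5 digest, and `MASTER_SITES` in the port Makefile fetches it over plain `http://`, so this checksum is the only integrity control on the tarball. MD5 is not collision-resistant; a stronger digest should be recorded alongside it, e.g. `SHA256 (openscep-0.4.2.tar.gz) = <sha256 of the verified distfile>`, provided the ports framework in use accepts that line.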
diff --git a/security/openscep/files/patch-include_openscep_err.h b/security/openscep/files/patch-include_openscep_err.h
new file mode 100644
index 000000000000..6b003582d0f0
--- /dev/null
+++ b/security/openscep/files/patch-include_openscep_err.h
@@ -0,0 +1,36 @@
+--- include/openscep_err.h.orig Thu May 19 16:26:46 2005
++++ include/openscep_err.h Thu May 19 16:26:46 2005
+@@ -0,0 +1,33 @@
++#ifndef HEADER_OPENSCEP_ERR_H
++#define HEADER_OPENSCEP_ERR_H
++
++#if OPENSSL_VERSION_NUMBER < 0x00907000L
++/* ERR_unload_strings was added in 0.9.7. with older versions, it's
++ redefined as a no-op here so the auto-generated code in
++ openscep_err.c doesn't need to be changed. */
++#define ERR_unload_strings(A,B) do{}while(0)
++#endif
++
++/* BEGIN ERROR CODES */
++/* The following lines are auto generated by the script mkerr.pl. Any changes
++ * made after this point may be overwritten when the script is next run.
++ */
++void ERR_load_OPENSCEP_strings(void);
++void ERR_unload_OPENSCEP_strings(void);
++void ERR_OPENSCEP_error(int function, int reason, char *file, int line);
++#define OPENSCEPerr(f,r) ERR_OPENSCEP_error((f),(r),__FILE__,__LINE__)
++
++/* Error codes for the OPENSCEP functions. */
++
++/* Function codes. */
++#define OPENSCEP_F_D2I_ISSUER_AND_SUBJECT 100
++#define OPENSCEP_F_D2I_PAYLOAD 101
++#define OPENSCEP_F_ISSUER_AND_SUBJECT_NEW 102
++#define OPENSCEP_F_PAYLOAD_NEW 103
++
++/* Reason codes. */
++
++#ifdef __cplusplus
++}
++#endif
++#endif
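Review bot: The trailing `#ifdef __cplusplus` / `}` / `#endif` closes an `extern "C"` block that the new header never opens, so any C++ translation unit that includes it will fail to compile; either add `#ifdef __cplusplus` / `extern "C" {` / `#endif` after the include guard or drop the closing block. The `OPENSSL_VERSION_NUMBER` test also depends on an OpenSSL header having been included first: if the macro is undefined the preprocessor evaluates it as 0 and `ERR_unload_strings` silently becomes a no-op on every OpenSSL version. Adding `#include <openssl/opensslv.h>` at the top of the header removes that include-order dependency.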
diff --git a/security/openscep/files/patch-lib_Makefile.in b/security/openscep/files/patch-lib_Makefile.in
new file mode 100644
index 000000000000..e65904cf12a2
--- /dev/null
+++ b/security/openscep/files/patch-lib_Makefile.in
@@ -0,0 +1,37 @@
+--- lib/Makefile.in.orig Tue Feb 26 02:11:39 2002
++++ lib/Makefile.in Thu May 19 16:35:38 2005
+@@ -115,14 +115,13 @@
+
+ LDADD = libscep.la
+ LDFLAGS = -R$(libdir) $(LIBS)
+-CPPFLAGS = -DOPENSCEPDIR=\"$(OPENSCEPDIR)\"
++CPPFLAGS += -DOPENSCEPDIR=\"$(OPENSCEPDIR)\"
+
+ VERSION_FILE = openscep_vers.c
+
+ libscep_la_LDFLAGS = -version-info `../shtool version -d libtool $(VERSION_FILE)`
+
+-libscep_la_SOURCES = init.c isasu.c decode.c sigattr.c pkcsreq.c certrep.c getcertinitial.c getcert.c getcrl.c badreply.c attr.c goodreply.c encode.c check.c grant.c scepldap.c fingerprint.c openscep_vers.c selfsigned.c createreq.c http.c iser.c proxy.c payload.c v2request.c transcheck.c pending.c spki2file.c
+-
++libscep_la_SOURCES = init.c isasu.c decode.c sigattr.c pkcsreq.c certrep.c getcertinitial.c getcert.c getcrl.c badreply.c attr.c goodreply.c encode.c check.c grant.c scepldap.c fingerprint.c openscep_vers.c selfsigned.c createreq.c http.c iser.c proxy.c payload.c v2request.c transcheck.c pending.c spki2file.c openscep_err.c
+
+ INCLUDES = $(INCLTDL) -I$(top_srcdir)/include -I$(OPENSSLDIR)/include
+ mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+@@ -138,7 +137,8 @@
+ certrep.lo getcertinitial.lo getcert.lo getcrl.lo badreply.lo attr.lo \
+ goodreply.lo encode.lo check.lo grant.lo scepldap.lo fingerprint.lo \
+ openscep_vers.lo selfsigned.lo createreq.lo http.lo iser.lo proxy.lo \
+-payload.lo v2request.lo transcheck.lo pending.lo spki2file.lo
++payload.lo v2request.lo transcheck.lo pending.lo spki2file.lo \
++openscep_err.lo
+ CFLAGS = @CFLAGS@
+ COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+@@ -364,6 +364,7 @@
+ ../include/scep.h ../include/isasu.h ../include/payload.h \
+ ../include/transcheck.h ../include/pending.h \
+ ../include/goodreply.h ../include/badreply.h ../include/init.h
++openscep_err.lo openscep_err.o : openscep_err.c ../include/openscep_err.h
+
+ info-am:
+ info: info-am
diff --git a/security/openscep/files/patch-lib_decode.c b/security/openscep/files/patch-lib_decode.c
new file mode 100644
index 000000000000..e06c58fed984
--- /dev/null
+++ b/security/openscep/files/patch-lib_decode.c
@@ -0,0 +1,10 @@
+--- lib/decode.c.orig Tue Feb 26 02:01:06 2002
++++ lib/decode.c Thu May 19 16:23:01 2005
+@@ -58,6 +58,7 @@
+ __LINE__, (scep->client) ? "reply" : "request");
+
+ /* convert from base64 to internal representation */
++ BIO_set_mem_eof_return(bio, 0);
+ if (msg->base64) {
+ if (debug)
+ BIO_printf(bio_err, "%s:%d: prepending Base64 "
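Review bot: The added `BIO_set_mem_eof_return(bio, 0);` carries no comment saying why it is needed, and the reason cannot be read off the surrounding lines. Assuming `bio` is a memory BIO (its creation is outside the hunk), the call makes a read on the drained buffer report end of data instead of a retry condition, which presumably is what lets the Base64 and DER decoding that follows terminate on a short or truncated message. I would add `/* an empty mem BIO must signal EOF, not "retry", so decoding a truncated message terminates */` above the call. The enclosing function starts and ends outside the hunk.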
diff --git a/security/openscep/files/patch-lib_http.c b/security/openscep/files/patch-lib_http.c
new file mode 100644
index 000000000000..57cd8f999c36
--- /dev/null
+++ b/security/openscep/files/patch-lib_http.c
@@ -0,0 +1,10 @@
+--- lib/http.c.orig Thu May 19 16:37:26 2005
++++ lib/http.c Thu May 19 16:38:42 2005
+@@ -19,6 +19,7 @@
+ #include <string.h>
+ #include <openssl/err.h>
+ #include <arpa/inet.h>
++#include <netinet/in.h>
+
+ /*
+ * parse the url given in the second argument and fill in the h member
diff --git a/security/openscep/files/patch-lib_init.c b/security/openscep/files/patch-lib_init.c
new file mode 100644
index 000000000000..75bdd1330f11
--- /dev/null
+++ b/security/openscep/files/patch-lib_init.c
@@ -0,0 +1,22 @@
+--- lib/init.c.orig Wed Feb 20 02:40:06 2002
++++ lib/init.c Thu May 19 16:23:01 2005
+@@ -21,6 +21,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <openscep_err.h>
+
+ #define TMPPATH "/var/tmp/openscep"
+
+@@ -66,6 +67,11 @@
+ ERR_load_crypto_strings();
+ if (debug)
+ fprintf(stderr, "%s:%d: crypto strings loaded\n", __FILE__,
++ __LINE__);
++
++ ERR_load_OPENSCEP_strings();
++ if (debug)
++ fprintf(stderr, "%s:%d: openscep strings loaded\n", __FILE__,
+ __LINE__);
+
+ /* add the encryption algorithms available */
diff --git a/security/openscep/files/patch-lib_isasu.c b/security/openscep/files/patch-lib_isasu.c
new file mode 100644
index 000000000000..07f62ca1ed5d
--- /dev/null
+++ b/security/openscep/files/patch-lib_isasu.c
@@ -0,0 +1,28 @@
+--- lib/isasu.c.orig Wed Feb 20 02:40:06 2002
++++ lib/isasu.c Thu May 19 16:23:01 2005
+@@ -12,6 +12,7 @@
+ #include <init.h>
+ #include <unistd.h>
+ #include <fcntl.h>
++#include <openscep_err.h>
+
+ /*
+ * the methods in this file are based on the similar functions for the
+@@ -40,7 +41,7 @@
+ M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME);
+ M_ASN1_D2I_get(ret->subject, d2i_X509_NAME);
+ M_ASN1_D2I_Finish(a,issuer_and_subject_free,
+- ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL);
++ OPENSCEP_F_D2I_ISSUER_AND_SUBJECT);
+ }
+
+ issuer_and_subject_t *issuer_and_subject_new(void) {
+@@ -50,7 +51,7 @@
+ M_ASN1_New(ret->issuer, X509_NAME_new);
+ M_ASN1_New(ret->subject, X509_NAME_new);
+ return ret;
+- M_ASN1_New_Error(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW); /* wrong error code */
++ M_ASN1_New_Error(OPENSCEP_F_ISSUER_AND_SUBJECT_NEW);
+ }
+
+ void issuer_and_subject_free(issuer_and_subject_t *isasu) {
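Review bot: The new `OPENSCEP_F_*` codes passed to `M_ASN1_D2I_Finish` and `M_ASN1_New_Error` are probably still recorded against the ASN1 library rather than the OpenSCEP one. As far as I recall, the asn1_mac.h macros raise errors through `ASN1_MAC_ERR_LIB`, which defaults to `ERR_LIB_ASN1` unless defined before the include; nothing visible in this hunk defines it, and the `OPENSCEPerr()` macro from openscep_err.h is never invoked. If so, codes 100–103 are looked up in the ASN1 string table and the error queue names the wrong function for a malformed request, which makes rejected SCEP messages harder to diagnose. The same applies to the two replacements in patch-lib_payload.c; worth confirming against the OpenSSL headers the port builds with and routing the error through `OPENSCEPerr()` if it holds. The d2i function changed by the first inner hunk starts outside it.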
diff --git a/security/openscep/files/patch-lib_openscep__err.c b/security/openscep/files/patch-lib_openscep__err.c
new file mode 100644
index 000000000000..a0ea6b031416
--- /dev/null
+++ b/security/openscep/files/patch-lib_openscep__err.c
@@ -0,0 +1,139 @@
+--- lib/openscep_err.c.orig Thu May 19 16:26:46 2005
++++ lib/openscep_err.c Thu May 19 16:26:46 2005
+@@ -0,0 +1,136 @@
++/* openscep_err.c */
++/* ====================================================================
++ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++/* NOTE: this file was auto generated by the mkerr.pl script: any changes
++ * made to it will be overwritten when the script next updates this file,
++ * only reason strings will be preserved.
++ */
++
++#include <stdio.h>
++#include <openssl/err.h>
++#include "openscep_err.h"
++
++/* BEGIN ERROR CODES */
++#ifndef OPENSSL_NO_ERR
++static ERR_STRING_DATA OPENSCEP_str_functs[]=
++ {
++{ERR_PACK(0,OPENSCEP_F_D2I_ISSUER_AND_SUBJECT,0), "D2I_ISSUER_AND_SUBJECT"},
++{ERR_PACK(0,OPENSCEP_F_D2I_PAYLOAD,0), "D2I_PAYLOAD"},
++{ERR_PACK(0,OPENSCEP_F_ISSUER_AND_SUBJECT_NEW,0), "ISSUER_AND_SUBJECT_NEW"},
++{ERR_PACK(0,OPENSCEP_F_PAYLOAD_NEW,0), "PAYLOAD_NEW"},
++{0,NULL}
++ };
++
++static ERR_STRING_DATA OPENSCEP_str_reasons[]=
++ {
++{0,NULL}
++ };
++
++#endif
++
++#ifdef OPENSCEP_LIB_NAME
++static ERR_STRING_DATA OPENSCEP_lib_name[]=
++ {
++{0 ,OPENSCEP_LIB_NAME},
++{0,NULL}
++ };
++#endif
++
++
++static int OPENSCEP_lib_error_code=0;
++static int OPENSCEP_error_init=1;
++
++void ERR_load_OPENSCEP_strings(void)
++ {
++ if (OPENSCEP_lib_error_code == 0)
++ OPENSCEP_lib_error_code=ERR_get_next_error_library();
++
++ if (OPENSCEP_error_init)
++ {
++ OPENSCEP_error_init=0;
++#ifndef OPENSSL_NO_ERR
++ ERR_load_strings(OPENSCEP_lib_error_code,OPENSCEP_str_functs);
++ ERR_load_strings(OPENSCEP_lib_error_code,OPENSCEP_str_reasons);
++#endif
++
++#ifdef OPENSCEP_LIB_NAME
++ OPENSCEP_lib_name->error = ERR_PACK(OPENSCEP_lib_error_code,0,0);
++ ERR_load_strings(0,OPENSCEP_lib_name);
++#endif
++ }
++ }
++
++void ERR_unload_OPENSCEP_strings(void)
++ {
++ if (OPENSCEP_error_init == 0)
++ {
++#ifndef OPENSSL_NO_ERR
++ ERR_unload_strings(OPENSCEP_lib_error_code,OPENSCEP_str_functs);
++ ERR_unload_strings(OPENSCEP_lib_error_code,OPENSCEP_str_reasons);
++#endif
++
++#ifdef OPENSCEP_LIB_NAME
++ ERR_unload_strings(0,OPENSCEP_lib_name);
++#endif
++ OPENSCEP_error_init=1;
++ }
++ }
++
++void ERR_OPENSCEP_error(int function, int reason, char *file, int line)
++ {
++ if (OPENSCEP_lib_error_code == 0)
++ OPENSCEP_lib_error_code=ERR_get_next_error_library();
++ ERR_PUT_error(OPENSCEP_lib_error_code,function,reason,file,line);
++ }
diff --git a/security/openscep/files/patch-lib_payload.c b/security/openscep/files/patch-lib_payload.c
new file mode 100644
index 000000000000..fe73e22a1dc5
--- /dev/null
+++ b/security/openscep/files/patch-lib_payload.c
@@ -0,0 +1,28 @@
+--- lib/payload.c.orig Mon Feb 25 00:40:01 2002
++++ lib/payload.c Thu May 19 16:26:46 2005
+@@ -16,6 +16,7 @@
+ #include <missl.h>
+ #include <scepldap.h>
+ #include <fcntl.h>
++#include <openscep_err.h>
+
+ /*
+ * payload_build_original convert the original request into a bit string
+@@ -68,7 +69,7 @@
+ p->rt = -1;
+ p->od.req = NULL;
+ return p;
+- M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW); /* wrong error code */
++ M_ASN1_New_Error(OPENSCEP_F_PAYLOAD_NEW);
+ }
+
+ void payload_free(payload_t *a) {
+@@ -171,7 +172,7 @@
+ ret->od.spki = d2i_NETSCAPE_SPKI(&r2, &u, l);
+ break;
+ }
+- M_ASN1_D2I_Finish(a, payload_free, ASN1_F_D2I_X509_REQ_INFO);
++ M_ASN1_D2I_Finish(a, payload_free, OPENSCEP_F_D2I_PAYLOAD);
+ }
+
+ /*
diff --git a/security/openscep/files/patch-lib_sigattr.c b/security/openscep/files/patch-lib_sigattr.c
new file mode 100644
index 000000000000..f90f9afc4600
--- /dev/null
+++ b/security/openscep/files/patch-lib_sigattr.c
@@ -0,0 +1,35 @@
+--- lib/sigattr.c.orig Wed Feb 20 02:40:06 2002
++++ lib/sigattr.c Thu May 19 16:26:46 2005
+@@ -8,6 +8,7 @@
+ #include <sigattr.h>
+ #include <init.h>
+ #include <openssl/err.h>
++#include <openssl/opensslv.h>
+
+ /*
+ * read an attribute of type string
+@@ -120,6 +121,7 @@
+ X509_ATTRIBUTE *attr;
+ int i;
+ scepmsg_t *msg;
++ int single;
+
+ if (debug)
+ BIO_printf(bio_err, "%s:%d: looking for attribute '%s'\n",
+@@ -146,8 +148,14 @@
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sig_attribs); i++) {
+ attr = sk_X509_ATTRIBUTE_value(sig_attribs, i);
+ if (OBJ_cmp(attr->object, asn1_obj) == 0) {
+- if ((!attr->set) || (sk_ASN1_TYPE_num(attr->value.set)
+- == 0)) {
++#if OPENSSL_VERSION_NUMBER < 0x00907000L
++ /* attr->set was replaced with attr->single (with opposite
++ meaning) somewhere between 0.9.6m-engine and 0.9.7d */
++ single = !attr->set;
++#else
++ single = attr->single;
++#endif
++ if (single || (sk_ASN1_TYPE_num(attr->value.set) == 0)) {
+ BIO_printf(bio_err, "%s:%d: attr has no val\n",
+ __FILE__, __LINE__);
+ goto err;
diff --git a/security/openscep/files/patch-scepd_Makefile.in b/security/openscep/files/patch-scepd_Makefile.in
new file mode 100644
index 000000000000..975147e37e41
--- /dev/null
+++ b/security/openscep/files/patch-scepd_Makefile.in
@@ -0,0 +1,11 @@
+--- scepd/Makefile.in.orig Thu May 19 16:41:14 2005
++++ scepd/Makefile.in Thu May 19 16:41:26 2005
+@@ -132,7 +132,7 @@
+ LDADD = ../lib/libscep.la
+ LDFLAGS = -R$(libdir)
+
+-CPPFLAGS = -DOPENSCEPDIR=\"$(OPENSCEPDIR)\"
++CPPFLAGS += -DOPENSCEPDIR=\"$(OPENSCEPDIR)\"
+
+ INCLUDES = $(INCLTDL) -I$(top_srcdir)/include -I$(OPENSSLDIR)/include
+ mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
diff --git a/security/openscep/files/patch-scepd_dn2xid.c b/security/openscep/files/patch-scepd_dn2xid.c
new file mode 100644
index 000000000000..13b79fec6b1c
--- /dev/null
+++ b/security/openscep/files/patch-scepd_dn2xid.c
@@ -0,0 +1,10 @@
+--- scepd/dn2xid.c.orig Mon Mar 26 14:36:47 2001
++++ scepd/dn2xid.c Thu May 19 16:26:46 2005
+@@ -11,6 +11,7 @@
+ #include <ldap.h>
+ #include <unistd.h>
+ #include <openssl/bio.h>
++#include <openssl/evp.h>
+ #include <openssl/x509.h>
+ #include <openssl/err.h>
+ #include <fingerprint.h>
diff --git a/security/openscep/files/patch-scepd_sceplist.c b/security/openscep/files/patch-scepd_sceplist.c
new file mode 100644
index 000000000000..6fff4ae7bd07
--- /dev/null
+++ b/security/openscep/files/patch-scepd_sceplist.c
@@ -0,0 +1,32 @@
+--- scepd/sceplist.c.orig Thu May 19 16:59:02 2005
++++ scepd/sceplist.c Thu May 19 17:02:22 2005
+@@ -96,7 +96,6 @@
+ /*
+ * convert ASN1 time string to a struct tm
+ */
+-extern time_t timezone; /* compiler does not like it inside func */
+ #ifdef HAVE_ALTZONE
+ extern time_t altzone;
+ #endif /* HAVE_ALTZONE */
+@@ -124,19 +123,15 @@
+ rtm.tm_year = atoi(work);
+ if (rtm.tm_year < 70)
+ rtm.tm_year += 100;
++ rtm.tm_zone = 0;
+
+- /* set the time zone to GMT, as mktime uses the local time zone */
+- timezone = 0;
+ #ifdef HAVE_ALTZONE
+ altzone = 0;
+ #endif /* HAVE_ALTZONE */
+
+ /* use mktime to normalize the structure and t convert to a */
+ /* time_t value */
+- rt = mktime(&rtm);
+-
+- /* reset the time zone to local settings */
+- tzset();
++ rt = timegm(&rtm);
+
+ return rt;
+ }
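Review bot: The `altzone = 0;` assignment under `HAVE_ALTZONE` is kept even though the `tzset()` call that restored the zone globals afterwards is removed, so on a platform that defines `HAVE_ALTZONE` the process-wide `altzone` stays clobbered after this function returns. `timegm()` does not consult those globals, so the `#ifdef HAVE_ALTZONE` block and the matching `extern time_t altzone;` declaration can be dropped. The retained comment still describes mktime; suggest `/* timegm interprets rtm as UTC and returns the matching time_t */`, and since `tm_zone` is a pointer, `rtm.tm_zone = NULL;` reads more clearly than `= 0`. The `timegm()` result is returned without a check for `-1`, which matters if callers use it for certificate or CRL validity times (not visible here). The function starts outside the hunk.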
diff --git a/security/openscep/files/pkg-deinstall.in b/security/openscep/files/pkg-deinstall.in
new file mode 100644
index 000000000000..19c51b8a3ad8
--- /dev/null
+++ b/security/openscep/files/pkg-deinstall.in
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+[ "$2" != "DEINSTALL" ] && exit 0
+
+for f in %%CONF_FILES%%; do
+ if cmp -s "%%CONF_DIR%%/$f" "%%CONF_DIR%%/$f.default"; then
+ rm -f "%%CONF_DIR%%/$f"
+ fi
+done
diff --git a/security/openscep/files/pkg-install.in b/security/openscep/files/pkg-install.in
new file mode 100644
index 000000000000..585a18d73eba
--- /dev/null
+++ b/security/openscep/files/pkg-install.in
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+[ "$2" != "POST-INSTALL" ] && exit 0
+
+for f in %%CONF_FILES%%; do
+ [ -f "%%CONF_DIR%%/$f" ] || cp -p "%%CONF_DIR%%/$f.default" "%%CONF_DIR%%/$f"
+done
diff --git a/security/openscep/files/pkg-message.in b/security/openscep/files/pkg-message.in
new file mode 100644
index 000000000000..83a5e542d1c6
--- /dev/null
+++ b/security/openscep/files/pkg-message.in
@@ -0,0 +1,14 @@
+======================================================================
+You now need to add an alias to apache's httpd.conf pointing to
+%%PREFIX%%/www/openscep in order to access openscep from
+your web browser, or create a VirtualHost with DocumentRoot set
+to that directory.
+
+You should also include %%PREFIX%%/etc/openscep/openscep.schema
+into your slapd config (sample of this is at
+%%PREFIX%%/etc/openscep/slapd.conf).
+
+Furthermore, you should add your ldap directory information from
+%%PREFIX%%/etc/openscep/openscep.ldif and edit DN specific information
+there before doing ldapadd.
+======================================================================
diff --git a/security/openscep/pkg-descr b/security/openscep/pkg-descr
new file mode 100644
index 000000000000..dfd57c161d24
--- /dev/null
+++ b/security/openscep/pkg-descr
@@ -0,0 +1,8 @@
+OpenSCEP is an open source implementation of the SCEP protocol used by Cisco
+routers for certificate enrollment to build VPNs. It implements most of the
+draft specification.
+
+OpenSCEP includes a client and a server implementation, as well as some CGI
+programs to simplify certificate and revocation list management.
+
+WWW: http://openscep.othello.ch/
diff --git a/security/openscep/pkg-plist b/security/openscep/pkg-plist
new file mode 100644
index 000000000000..900f117f0874
--- /dev/null
+++ b/security/openscep/pkg-plist
@@ -0,0 +1,73 @@
+bin/derdump
+bin/scep
+bin/scepclient
+bin/scepconf
+bin/scepkey
+bin/sceplist
+bin/scepxid
+etc/openscep/openscep.cnf.default
+etc/openscep/openscep.ldif.default
+etc/openscep/openscep.schema.default
+etc/openscep/slapd.conf.default
+lib/libscep.a
+lib/libscep.so
+lib/libscep.so.4
+sbin/cafingerprint
+sbin/createcrl
+sbin/crl2ldap
+sbin/dn2xid
+sbin/openscepsetup
+sbin/scepd
+sbin/scepgrant
+sbin/scepreject
+sbin/updatecrl
+www/cgi-bin/openscep/add.pl
+www/cgi-bin/openscep/crl.pl
+www/cgi-bin/openscep/granted.pl
+www/cgi-bin/openscep/log.pl
+www/cgi-bin/openscep/pending.pl
+www/cgi-bin/openscep/rejected.pl
+www/cgi-bin/openscep/revoked.pl
+www/cgi-bin/pkiclient.exe
+www/openscep/COPYING
+www/openscep/ChangeLog
+www/openscep/INSTALL
+www/openscep/NEWS
+www/openscep/README
+www/openscep/SETUP
+www/openscep/TODO
+www/openscep/add.gif
+www/openscep/cafingerprint.8.html
+www/openscep/contents.html
+www/openscep/createcrl.8.html
+www/openscep/crl.gif
+www/openscep/crl2ldap.8.html
+www/openscep/derdump.1.html
+www/openscep/dn2xid.8.html
+www/openscep/draft-nourse-scep-05.txt
+www/openscep/granted.gif
+www/openscep/help.gif
+www/openscep/help.html
+www/openscep/index.html
+www/openscep/log.gif
+www/openscep/openscep.cnf.5.html
+www/openscep/openscep.gif
+www/openscep/openscep.png
+www/openscep/rejected.gif
+www/openscep/requests.gif
+www/openscep/revocation.html
+www/openscep/revoked.gif
+www/openscep/scep.1.html
+www/openscep/scepclient.1.html
+www/openscep/scepconf.1.html
+www/openscep/scepd.8.html
+www/openscep/scepgrant.8.html
+www/openscep/sceplist.1.html
+www/openscep/scepreject.8.html
+www/openscep/scepxid.1.html
+www/openscep/title.html
+www/openscep/updatecrl.8.html
+www/openscep/welcome.html
+@dirrm www/cgi-bin/openscep
+@dirrm www/openscep
+@unexec rmdir %D/etc/openscep 2>/dev/null || true