PSARC/2016/233 OpenCA OCSP Responder
22017756 Add openca-ocspd v3.1.2 to Userland consolidation
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/Makefile Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,65 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+
+BUILD_BITS= 64
+include ../../make-rules/shared-macros.mk
+
+COMPONENT_NAME= openca-ocspd
+COMPONENT_VERSION= 3.1.2
+COMPONENT_PROJECT_URL= https://www.openca.org/projects/ocspd/
+COMPONENT_ARCHIVE_SRC= git
+COMPONENT_BUGDB= library/smartcard
+
+GIT_REPO= https://github.com/openca/openca-ocspd
+GIT_COMMIT_ID= 0f16341
+GIT_HASH= sha256:0f894c7f19d658bdbda88887a3d748e8a968c6fd5cfc5f7be8ace9399b2f878d
+
+TPNO = 28048
+
+# Skip test because of set up requirements.
+#
+# The upstream archive includes a test script (test.sh), which tries to run
+# "openssl ocsp" command multiple times. However, it assumes that we already
+# have necessary pem files (keys/certficates for CA, ocspd daemon, and others,
+# and also the CRL), and those files are not included in the archive.
+#
+# To test manually, follow a guide document for the smartcard project.
+TEST_TARGET= $(SKIP_TEST)
+
+include $(WS_MAKE_RULES)/common.mk
+
+PKG_PROTO_DIRS += $(COMPONENT_SRC)/docs
+PKG_PROTO_DIRS += $(COMPONENT_SRC)/etc/ca.d
+
+POD2MAN_PATH = /usr/perl5/$(PERL_VERSION)/bin
+
+COMPONENT_BUILD_ENV += PATH="$(PATH):$(POD2MAN_PATH)"
+
+REQUIRED_PACKAGES += library/security/ocsp/libpki
+REQUIRED_PACKAGES += library/security/openssl
+REQUIRED_PACKAGES += library/security/openssl/openssl-fips-140
+REQUIRED_PACKAGES += shell/bash
+REQUIRED_PACKAGES += shell/ksh93
+REQUIRED_PACKAGES += system/core-os
+REQUIRED_PACKAGES += system/network
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/Solaris/ocspd.xml Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,78 @@
+<?xml version="1.0" ?>
+<!DOCTYPE service_bundle
+ SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<!--
+ Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+
+ NOTE: This service manifest is not editable; its contents will
+ be overwritten by package or patch operations, including
+ operating system upgrade. Make customizations in a different
+ file.
+-->
+
+<service_bundle type='manifest' name='ocsp'>
+
+<service
+ name='application/security/ocsp'
+ type='service'
+ version='1'>
+
+ <create_default_instance enabled='false' />
+
+ <single_instance/>
+
+ <!-- Wait for network interfaces to be initialized. -->
+ <dependency
+ name='network'
+ grouping='require_all'
+ restart_on='none'
+ type='service'>
+ <service_fmri value='svc:/milestone/network:default'/>
+ </dependency>
+
+ <!-- Wait for all local filesystems to be mounted. -->
+ <dependency
+ name='filesystem-local'
+ grouping='require_all'
+ restart_on='none'
+ type='service'>
+ <service_fmri value='svc:/system/filesystem/local'/>
+ </dependency>
+
+ <exec_method
+ type="method"
+ name="start"
+ exec='/lib/svc/method/svc-ocspd start'
+ timeout_seconds="60">
+ </exec_method>
+
+ <exec_method
+ type="method"
+ name="stop"
+ exec=":kill"
+ timeout_seconds="60">
+ </exec_method>
+
+ <exec_method
+ type='method'
+ name='restart'
+ exec='/lib/svc/method/svc-ocspd restart'
+ timeout_seconds='60'>
+ </exec_method>
+
+ <stability value='Unstable' />
+
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>OCSP responder</loctext>
+ </common_name>
+ <documentation>
+ <manpage
+ title='ocspd'
+ section='3'
+ manpath='/usr/share/man'/>
+ </documentation>
+ </template>
+</service>
+
+</service_bundle>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/Solaris/svc-ocspd Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,28 @@
+#!/usr/sbin/sh
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+
+. /lib/svc/share/smf_include.sh
+
+CONF_FILE=/etc/ocspd/ocspd.xml;
+PIDFILE=$SMF_SYSVOL_FS/ocspd.pid;
+
+case "$1" in
+'start')
+ /usr/sbin/ocspd -c "$CONF_FILE" -d
+ ;;
+
+'restart')
+ if [ -f "$PIDFILE" ]; then
+ /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
+ fi
+ ;;
+
+*)
+ echo "Usage: $0 { start | restart }"
+ exit 1
+ ;;
+esac
+
+exit $?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/openca-ocspd.license Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,77 @@
+Project Author(s):
+ Massimiliano Pala <[email protected]>
+
+Project Contributor(s):
+ Many thanks go to the people of the OpenSSL project from where
+ some of the used code comes from. Many thanks to all of them,
+ now and forever.
+
+Additional contribution (in no particular order) from:
+ * Sergei Vyshenski
+ * Julia Dubenskaya
+ * David A. Cooper
+
+Project Alpha and Beta Tester(s) (in no particular order):
+ * Maselli Giovanni Francesco
+ * Guillaume Tamboise
+ * Apu Kapadia
+
+From Copy File:
+====================================================================
+ OpenCA OCSPD daemon - Open Source Project
+ (c) 1999-2009 by OpenCA Labs and Massimilian Pala
+ All Rights Reserved
+====================================================================
+
+ This software have been released under an Apache-style licence.
+
+ This software consists of voluntary contributions made by many
+ individuals on behalf of the OpenCA Labs. For more information
+ on the OpenCA Team and the OpenCA Project please refer to
+ <http://www.OpenCA.org/>.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by the OpenCA Labs
+ for use in the OpenCA project (http://www.OpenCA.org/)."
+
+ 4. The names "OpenCA" and "OpenCA Labs" must not be used to
+ endorse or promote products derived from this software without
+ prior written permission. For written permission, please contact
+ [email protected].
+
+ 5. Products derived from this software may not be called "OpenCA"
+ nor may "OpenCA" appear in their names without prior written
+ permission of the OpenCA Labs.
+
+ 6. Redistributions of any form whatsoever must retain the following
+ acknowledgment:
+
+ "This product includes software developed by Massimiliano
+ Pala and the OpenCA Labs for use in the OpenCA project
+ (http://www.openca.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY THE OPENCA TEAM ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENCA TEAM OR
+ ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/openca-ocspd.p5m Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,57 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+
+<transform file path=usr.*/man/.+ -> default mangler.man.stability "Pass-through Volatile">
+set name=pkg.fmri \
+ value=pkg:/library/security/ocsp/openca-ocspd@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.summary \
+ value="Online Certificate State Protocol (OCSP) responder for smartcard"
+set name=pkg.description \
+ value="Provides a rfc2560 compliant OCSPD responder that can be used for multiple CAs to verify the status of a smarcard certificate."
+set name=com.oracle.info.description value="the OpenCA OCSPD Project"
+set name=com.oracle.info.tpno value=$(TPNO)
+set name=info.classification \
+ value=org.opensolaris.category.2008:Applications/Internet \
+ value=org.opensolaris.category.2008:System/Security
+set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
+set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
+set name=org.opensolaris.arc-caseid value=PSARC/2016/233
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+file self-certs.xml path=etc/ocspd/ca.d/self-certs.xml
+dir path=etc/ocspd/certs
+dir path=etc/ocspd/crls
+file path=etc/ocspd/ocspd.xml
+dir path=etc/ocspd/pki/hsm.d
+dir path=etc/ocspd/pki/profile.d
+file path=etc/ocspd/pki/token.d/software.xml
+dir path=etc/ocspd/private
+file Solaris/ocspd.xml path=lib/svc/manifest/application/security/ocspd.xml
+file Solaris/svc-ocspd path=lib/svc/method/svc-ocspd
+file path=usr/bin/ocspd-genreq.sh
+file path=usr/lib/$(MACH64)/pkgconfig/openca-ocspd.pc
+file path=usr/sbin/ocspd
+file ocspd.3 path=usr/share/man/man3/ocspd.3
+file ocspd.conf.3 path=usr/share/man/man3/ocspd.conf.3
+license openca-ocspd.license license=Apache
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/patches/01-configure.patch Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,59 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Need to add architectures and use an appropriate path for Oracle build
+environments.
+
+The default user/group should be daemon/daemon on Solaris.
+
+--- openca-ocspd-3.1.2/configure 2015-11-10 13:31:40.892916326 -0800
++++ openca-ocspd-3.1.2/configure 2016-05-04 14:52:19.134435130 -0700
+@@ -2331,7 +2331,7 @@
+
+
+ mybits=""
+-if [ `uname -m` = "x86_64" ] ; then
++if [ `uname -m` = "x86_64" ] || [ `uname -m` = "i86pc" ] || [ `uname -m` = "sun4v" ]; then
+ mybits="64";
+ fi
+
+@@ -3092,6 +3092,7 @@
+ arch_target=
+
+ case "$target" in
++ i386-pc-*) arch_target=x86_64 ;;
+ i*86-*) arch_target=x86 ;;
+ x86_64-*) arch_target=x86_64 ;;
+ sparc*-*) arch_target=Sparc ;;
+@@ -13023,8 +13024,19 @@
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: with libpki-prefix : $libpki_prefix " >&5
+ $as_echo "with libpki-prefix : $libpki_prefix " >&6; }
+
++case `uname -m` in
++ "i86pc")
++ mach64=amd64
++ ;;
++ "sun4v")
++ mach64=sparcv9
++ ;;
++ *)
++ ;;
++esac
++
+ if [ "x$libpki_prefix" != x ]; then
+- libpki_path=$libpki_prefix/lib
++ libpki_path=$libpki_prefix/lib/${mach64}
+ libpki_config="${libpki_prefix}/bin/libpki-config"
+ else
+ # Extract the first word of "libpki-config", so it can be a program name with args.
+@@ -13152,8 +13164,8 @@
+
+
+
+-default_user=nobody
+-default_group=nobody
++default_user=daemon
++default_group=daemon
+
+ if [ "x$DIST_NAME" = "xUbuntu" ] ; then
+ default_user=www-data
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/patches/02-makefile.patch Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,58 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Need to set an appropriate etc directory path.
+
+Should not install an init script because Solaris uses an SMF service.
+
+Need to include $(top_srcdir)/src/ocspd/includes because not all headers are
+available in $(top_builddir)/src/ocspd/includes.
+
+--- openca-ocspd-3.1.2/etc/Makefile.in 2015-11-10 13:31:41.475359746 -0800
++++ openca-ocspd-3.1.2/etc/Makefile.in 2016-03-04 13:30:46.052651164 -0800
+@@ -268,7 +268,7 @@
+ top_srcdir = @top_srcdir@
+ user = @user@
+ TOP = ..
+-etc_prefix = $(DESTDIR)${exec_prefix}/etc
++etc_prefix = $(DESTDIR)/etc
+ lib_prefix = $(DESTDIR)@libdir@
+ var_prefix = $(DESTDIR)${exec_prefix}/var
+ doc_prefix = $(DESTDIR)${datadir}/openca-prqpd
+@@ -306,8 +306,6 @@
+ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+ $(am__aclocal_m4_deps):
+-ocspd: $(top_builddir)/config.status $(srcdir)/ocspd.in
+- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+ ocspd.xml: $(top_builddir)/config.status $(srcdir)/ocspd.xml.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+
+@@ -472,7 +470,6 @@
+ install-data-local:
+ @$(NORMAL_INSTALL)
+ $(mkinstalldirs) $(etc_prefix); \
+- $(mkinstalldirs) $(etc_prefix)/init.d; \
+ $(mkinstalldirs) $(etc_prefix)/ocspd; \
+ $(mkinstalldirs) $(etc_prefix)/ocspd/certs; \
+ $(mkinstalldirs) $(etc_prefix)/ocspd/crls; \
+@@ -487,8 +484,6 @@
+ $(INSTALL_DATA) $$file $(etc_prefix)/ocspd; \
+ fi \
+ done ;
+- @ $(INSTALL_DATA) ocspd $(etc_prefix)/init.d/; \
+- $(CHMOD) +x $(etc_prefix)/init.d/ocspd ;
+ @for file in token.d/*.xml ; do \
+ if test -f $$file ; then \
+ $(INSTALL_DATA) $$file $(etc_prefix)/ocspd/pki/token.d ; \
+--- openca-ocspd-3.1.2/src/ocspd/Makefile.in Tue Nov 10 13:31:41 2015
++++ openca-ocspd-3.1.2/src/ocspd/Makefile.in Wed Jan 27 14:36:14 2016
+@@ -118,7 +118,7 @@
+ am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+ am__v_at_0 = @
+ am__v_at_1 =
+-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/ocspd/includes
++DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/ocspd/includes -I$(top_srcdir)/src/ocspd/includes
+ depcomp = $(SHELL) $(top_srcdir)/build/depcomp
+ am__depfiles_maybe = depfiles
+ am__mv = mv -f
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/patches/03-pod.patch Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,13 @@
+Patch origin: in-house
+Patch status: not Solaris-specific; suitable for upstream
+
+Syntax error. =back is missing.
+
+--- openca-ocspd-3.1.2/docs/ocspd.3.pod Tue Nov 10 13:31:40 2015
++++ openca-ocspd-3.1.2/docs/ocspd.3.pod Thu Dec 17 13:07:42 2015
+@@ -114,4 +114,4 @@
+
+ =cut
+
+-
++=back
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/patches/04-etc.patch Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,63 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Need to use appropriate paths on Solaris.
+
+--- openca-ocspd-3.1.2/etc/ca.d/self-certs.xml 2015-11-10 13:31:41.488330851 -0800
++++ openca-ocspd-3.1.2/etc/ca.d/self-certs.xml 2016-05-02 13:16:41.626691944 -0700
+@@ -14,9 +14,9 @@
+ <!--
+ <pki:caCertUrl>ldap://ldap.dartmouth.edu:389/cn=Dartmouth CertAuth1, o=Dartmouth College, C=US, dc=dartmouth, dc=edu?cACertificate;binary</pki:caCertUrl>
+ -->
+- <pki:caCertUrl>etc/ocspd/certs/cacert.pem</pki:caCertUrl>
++ <pki:caCertUrl>/etc/ocspd/certs/cacert.pem</pki:caCertUrl>
+ <!-- <pki:caCertUrl>/usr/local/openca-ocspd/etc/ocspd/certs/cacert.pem</pki:caCertUrl> -->
+- <pki:crlUrl>etc/ocspd/crls/crl.pem</pki:crlUrl>
++ <pki:crlUrl>/etc/ocspd/crls/crl.pem</pki:crlUrl>
+ <!-- Use serverCertUrl if your OCSP server has only one private
+ keypair (configured in the ocsp.xml -> token ) but different
+ certificates issued by different CAs. This is the cert that
+--- openca-ocspd-3.1.2/etc/ocspd.xml.in 2015-11-10 13:31:41.502549439 -0800
++++ openca-ocspd-3.1.2/etc/ocspd.xml.in 2016-03-15 15:36:10.455463843 -0700
+@@ -5,16 +5,16 @@
+ <pki:general>
+ <!-- Directory where configurations about libPKI token (e.g., token.d/,
+ hsm.d/, etc... ) are located -->
+- <pki:pkiConfigDir>@prefix@/etc/ocspd/pki</pki:pkiConfigDir>
++ <pki:pkiConfigDir>/etc/ocspd/pki</pki:pkiConfigDir>
+ <!-- Name of the token configuration to be used for the server, check
+ the libPKI documentations for more details -->
+ <pki:token>ocspServerToken</pki:token>
+ <!-- Directory containing all the configuration files for the supported
+ CAs -->
+- <pki:caConfigDir>@prefix@/etc/ocspd/ca.d</pki:caConfigDir>
++ <pki:caConfigDir>/etc/ocspd/ca.d</pki:caConfigDir>
+ <!-- File where the server will write its own Process id (PID) into
+ upon startup -->
+- <pki:pidFile>@prefix@/var/run/ocspd.pid</pki:pidFile>
++ <pki:pidFile>/var/run/ocspd.pid</pki:pidFile>
+ <!-- Number of threads to be pre-spawned -->
+ <pki:spawnThreads>10</pki:spawnThreads>
+ <!-- Auto Reload Timeout (secs) -->
+--- openca-ocspd-3.1.2/etc/token.d/software.xml.in 2015-11-10 13:31:41.529632712 -0800
++++ openca-ocspd-3.1.2/etc/token.d/software.xml.in 2016-04-08 11:21:38.576873784 -0700
+@@ -8,14 +8,14 @@
+ <!-- HSM specification for server token -->
+ <!-- <pki:hsm>software</pki:hsm> -->
+ <!-- Private key identifier (URI - file:// id:// etc.. ) -->
+- <pki:keypair>file://@prefix@/etc/ocspd/private/key.pem</pki:keypair>
++ <pki:keypair>file:///etc/ocspd/private/key.pem</pki:keypair>
+ <!-- Certificate identifier (URI) -->
+- <pki:cert>file://@prefix@/etc/ocspd/certs/cert.pem</pki:cert>
++ <pki:cert>file:///etc/ocspd/certs/cert.pem</pki:cert>
+ <!-- CA Certificate -->
+- <pki:cacert>file://@prefix@/etc/ocspd/certs/cacert.pem</pki:cacert>
++ <pki:cacert>file:///etc/ocspd/certs/cacert.pem</pki:cacert>
+ <!-- Certificates -->
+- <pki:othercerts>file:://@prefix@/etc/ocspd/certs/other-certs.pem</pki:othercerts>
+- <pki:trustedcerts>file:://@prefix@/etc/ocspd/certs/trusted-certs.pem</pki:trustedcerts>
++ <!-- <pki:othercerts>file::///etc/ocspd/certs/other-certs.pem</pki:othercerts> -->
++ <!-- <pki:trustedcerts>file::///etc/ocspd/certs/trusted-certs.pem</pki:trustedcerts> -->
+ <!-- passin is used to specify the method for reading the token
+ password. The following options are available:
+ none ...... : do not prompt for any password
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/patches/05-scripts.patch Wed Jun 01 15:59:29 2016 -0700
@@ -0,0 +1,15 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Need to use an appropriate path on Solaris.
+
+--- openca-ocspd-3.1.2/scripts/ocspd-genreq.sh.in 2015-11-10 13:31:41.108065796 -0800
++++ openca-ocspd-3.1.2/scripts/ocspd-genreq.sh.in 2016-04-08 12:10:37.931458124 -0700
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+
+-prefix="@prefix@"
++prefix=
+ token="ocspServerToken"
+ defSubject="CN=OCSP Server, O=OpenCA, C=US"
+ defAlgor="RSA-SHA256"