
Contents of /updates/8/openssl/current/SPECS/openssl.spec



Revision 1655126 - (show annotations) (download)
Thu Dec 10 11:13:50 2020 UTC (3 years, 4 months ago) by ns80
Original Path: cauldron/openssl/current/SPECS/openssl.spec
File size: 9558 byte(s)
- new version 1.1.1i for CVE-2020-1971 (mga#27791)

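# Shared-library major version; used in the library package name and in the
# soname / engines globs of the %files lists.
%define maj 1.1
%define libname %mklibname openssl %{maj}
%define develname %mklibname openssl -d
%define staticname %mklibname openssl -s -d

# Kerberos support is switched off; the krb5 BuildRequires and the krb5
# Configure options are only used when this is set to 1.
%define with_krb5 0

Summary: Secure Sockets Layer communications libs & utils
Name: openssl
Version: 1.1.1i
Release: %mkrel 1
License: BSD-like
Group: System/Libraries
URL: https://www.openssl.org/
# Upstream tarball and its detached signature, referenced over HTTPS instead
# of plain HTTP so that a download made from these URLs is not taken from an
# unauthenticated channel.
# NOTE(review): Source1 is carried, but no step in this spec checks it against
# Source0 - confirm the signature is verified when the tarball is imported.
Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
Source1: https://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2: Makefile.certificate
Source4: openssl-thread-test.c
Source6: make-dummy-cert
Source7: renew-dummy-cert
# Source12 and Source13 are copied into crypto/ec/ and test/ during %prep.
Source12: ec_curve.c
Source13: ectest.c

# fedora patches
# NOTE(review): several of these change security-relevant defaults judging by
# their names (no-weak-verify, disable-ssl3, weak-ciphers, seclevel,
# system-cipherlist); their contents are not part of this file, so re-check
# them on every rebase.
Patch1: openssl-1.1.1-build.patch
Patch2: openssl-1.1.1-defaults.patch
Patch3: openssl-1.1.0-no-html.patch
Patch4: openssl-1.1.1-man-rename.patch
Patch21: openssl-1.1.0-issuer-hash.patch
Patch31: openssl-1.1.1-conf-paths.patch
Patch32: openssl-1.1.1-version-add-engines.patch
Patch33: openssl-1.1.1-apps-dgst.patch
Patch36: openssl-1.1.1-no-brainpool.patch
Patch37: openssl-1.1.1-ec-curves.patch
Patch38: openssl-1.1.1-no-weak-verify.patch
Patch40: openssl-1.1.1-disable-ssl3.patch
Patch41: openssl-1.1.1-system-cipherlist.patch
Patch45: openssl-1.1.1-weak-ciphers.patch
Patch46: openssl-1.1.1-seclevel.patch
Patch47: openssl-1.1.1-ts-sha256-default.patch
Patch49: openssl-1.1.1-evp-kdf.patch
Patch50: openssl-1.1.1-ssh-kdf.patch
# Backported fixes including security fixes
# (none are carried for this version)

# MIPS and ARM support
# These two patches are declared but not applied in %prep.
Patch300: openssl-1.0.2a-mips.patch
Patch301: openssl-1.0.2a-arm.patch

# The command-line tool is tied to the exact library build it was made with.
Requires: %{libname} = %{version}-%{release}
Requires: rootcerts
%if %with_krb5
BuildRequires: krb5-devel
%endif
BuildRequires: multiarch-utils >= 1.0.3
BuildRequires: chrpath
BuildRequires: pkgconfig(zlib)
BuildRequires: pkgconfig(libsctp)
# (tv) for test suite:
BuildRequires: bc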
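# Descriptions and subpackage declarations: runtime library, development
# files, static libraries and the Perl helper scripts.
%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decryption algorithms and protocols, including DES, RC4,
RSA and SSL.

%package -n %{libname}
# The library depends on crypto-policies; the Configure call in %build points
# --system-ciphers-file at a file below the crypto-policies directory.
Summary: Secure Sockets Layer communications libs
Group: System/Libraries
Requires: crypto-policies
Provides: %{libname} = %{version}-%{release}

%description -n %{libname}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%package -n %{develname}
# Headers and unversioned .so links; pinned to the exact library build.
Summary: Secure Sockets Layer communications libs & headers & utils
Group: Development/Other
Requires: %{libname} = %{version}-%{release}
Provides: libopenssl-devel
Provides: %{name}-devel = %{version}-%{release}
Obsoletes: %{mklibname openssl 1.0.0}-devel

%description -n %{develname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

%package -n %{staticname}
# Static archives. NOTE(review): programs linked against these keep their own
# copy of the library code and are not updated by a later library package.
Summary: Secure Sockets Layer communications static libs
Group: Development/Other
Requires: %{develname} = %{version}-%{release}
Provides: libopenssl-static-devel
Provides: %{name}-static-devel = %{version}-%{release}
Obsoletes: %{mklibname openssl 1.0.0}-static-devel

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

%package perl
# Perl helper scripts, split from the main package; the Conflicts line keeps
# this subpackage from being installed next to main packages up to
# 1.0.2h-1.mga6 (presumably those still shipped the scripts - verify).
Summary: Perl scripts provided with OpenSSL
Group: System/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Conflicts: %name <= 1.0.2h-1.mga6

%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.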
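%prep
# Unpack Source0, overlay the packaged EC sources and apply the patch set.
# NOTE(review): the detached signature listed as Source1 is not checked in
# this section; confirm the tarball is verified before it enters the build.
%setup -q

# Copy the packaged ec_curve.c and ectest.c over the unpacked tree.
cp %{SOURCE12} crypto/ec/
cp %{SOURCE13} test/

# Every patch is applied with -b so the pre-patch file is kept next to the
# patched one under the given suffix.
%patch1 -p1 -b .build
%patch2 -p1 -b .default
%patch3 -p1 -b .no-html
%patch4 -p1 -b .man-rename

%patch21 -p1 -b .issuer-hash

%patch31 -p1 -b .ca-dir
%patch32 -p1 -b .version-add-engines
%patch33 -p1 -b .dgst
%patch36 -p1 -b .no-brainpool
%patch37 -p1 -b .curves
%patch38 -p1 -b .no-weak-verify
%patch40 -p1 -b .disable-ssl3
%patch41 -p1 -b .system-cipherlist
%patch45 -p1 -b .weak-ciphers
%patch46 -p1 -b .seclevel
# Backup suffix spelled out in full (it was truncated to ".ts-sha256-defaul").
%patch47 -p1 -b .ts-sha256-default
%patch49 -p1 -b .evp-kdf
%patch50 -p1 -b .ssh-kdf

#perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile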
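%build
%serverbuild

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_target_cpu}
# Start from an empty option list so that a value inherited from the build
# environment cannot end up on the Configure command line.
sslflags=
%ifarch %ix86
sslarch=linux-elf
# The pattern is quoted so the shell hands the bracket expression to grep
# instead of expanding it against file names in the build directory.
if ! echo %{_target} | grep -q 'i[56]86' ; then
    sslflags="no-asm 386"
fi
%endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch %{arm}
sslarch=linux-armv4
%endif

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifying them here.
#
# NOTE(review): enable-ssl3, enable-ssl3-method, enable-weak-ssl-ciphers,
# enable-md2 and enable-rc5 compile legacy protocol and algorithm support into
# the library. Whether any of it is usable by default then depends on the
# patches applied in %prep (disable-ssl3, weak-ciphers, seclevel) and on the
# crypto-policies file named by --system-ciphers-file; confirm that these keep
# the legacy options off unless an administrator opts in.
# The final define sets DEVRANDOM to /dev/urandom.
./Configure \
    --prefix=%{_prefix} \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
%if %with_krb5
    --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
%endif
    zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
    enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
    enable-weak-ssl-ciphers \
    no-mdc2 no-ec2m no-sm2 no-sm4 \
    shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'

util/mkdef.pl crypto update

make all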
%check
# The test suite is skipped entirely on %ix86.
%ifnarch %ix86

# Try to switch on the two SCTP sysctls the SCTP tests need. If either call
# fails, add "sctp" to the list in configdata.pm right after the
# "zlib-dynamic" entry, which (per the message below) disables SCTP for the
# tests; the original timestamp of configdata.pm is kept.
# NOTE(review): the sysctl calls change settings of the build host itself and
# are not reverted afterwards; on an unprivileged builder they are expected
# to fail and the fallback branch runs.
(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
    (echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
     sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
     touch -r configdata.pm configdata.pm.new && \
     mv -f configdata.pm.new configdata.pm)

# We must revert patch31 before tests otherwise they will fail
# NOTE(review): this changes the source tree after "make all" has run.
patch -p1 -R < %{PATCH31}

# Put the build directory first on the library search path, keeping any
# existing entries behind it.
export LD_LIBRARY_PATH=$(pwd)${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export OPENSSL_ENABLE_MD5_VERIFY=
# Points at a file name that does not exist - presumably so the tests do not
# pick up the cipher policy of the build host; verify against patch41.
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file

make test
%endif
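%install
%make_install

# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert

# Move runnable perl scripts to bindir
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}

# Directory skeleton for a local CA (owned by the perl subpackage).
# NOTE(review): "private" is created with the default directory mode, like its
# siblings; consider whether a key directory should be created with a
# restrictive mode (install -d -m 700) and a matching %attr in %files.
install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private
install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts

# Drop the .dist copies of the configuration files; %{buildroot} is used here
# like everywhere else in this section.
rm -f %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf.dist
rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist

# fix man pages conflicts with other packages
for i in passwd rand ; do
    mv "%{buildroot}%{_mandir}/man1/$i.1" "%{buildroot}%{_mandir}/man1/ssl-$i.1"
done

%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h

# nuke rpath
# Removes the run-time library search path recorded in the openssl binary.
chrpath -d %{buildroot}%{_bindir}/openssl

# Fix libdir.
# The loop variable is quoted so a path containing whitespace stays one word.
for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
    sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' "$i"
done

# adjust ssldir
# Point CA.pl and the default openssl.cnf at the packaged PKI directory
# instead of ./demoCA.
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf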
%files
# Main package: the openssl tool, its configuration and the dummy-cert helpers.
%doc FAQ INSTALL LICENSE NEWS README*
# PKI directory tree.
# NOTE(review): none of these entries carries a %attr, so pki/tls/private is
# packaged with whatever mode the install step gave it; confirm that mode is
# suitable for a directory meant to hold private keys.
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/rootcerts
# noreplace: a locally edited configuration file is kept on upgrade.
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%{_sysconfdir}/pki/tls/certs/Makefile
%{_bindir}/openssl
%{_bindir}/make-dummy-cert
%{_bindir}/renew-dummy-cert
# Manual pages, minus the ones that belong to the perl subpackage.
%{_mandir}/man[157]/*
%exclude %{_mandir}/man1*/*rehash*
%exclude %{_mandir}/man1*/*.pl*
%exclude %{_mandir}/man1*/*tsget*

%files -n %{libname}
# Versioned shared libraries and the engines directory.
%doc FAQ LICENSE NEWS README*
%{_libdir}/lib*.so.%{maj}
%{_libdir}/engines-%{maj}

%files -n %{develname}
# Headers, unversioned .so links, pkg-config files and section 3 man pages.
%doc CHANGES doc/*
%dir %{_includedir}/openssl
%{_includedir}/openssl
%multiarch %{multiarch_includedir}/openssl/opensslconf.h
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*

%files -n %{staticname}
%{_libdir}/lib*.a

%files perl
# Perl scripts with their manual pages, plus the local CA directory skeleton.
# NOTE(review): pki/CA/private also has no %attr; see the note on
# pki/tls/private in the main package list.
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1*/*rehash*
%{_mandir}/man1*/*.pl*
%{_mandir}/man1*/*tsget*
