From owner-freebsd-security@FreeBSD.ORG  Thu May  1 14:34:05 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 0C87C7BC;
 Thu,  1 May 2014 14:34:05 +0000 (UTC)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM
 [IPv6:2605:8e00:100:41::81])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D5B6D128A;
 Thu,  1 May 2014 14:34:03 +0000 (UTC)
Received: from [10.20.30.90] (50-1-98-25.dsl.dynamic.sonic.net [50.1.98.25])
 (authenticated bits=0)
 by hoffman.proper.com (8.14.8/8.14.7) with ESMTP id s41EXxlM051016
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
 Thu, 1 May 2014 07:34:01 -0700 (MST)
 (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host
 50-1-98-25.dsl.dynamic.sonic.net [50.1.98.25] claimed to be [10.20.30.90]
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: ports requiring OpenSSL not honouring OpenSSL from ports
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <53621BE0.4040704@geminix.org>
Date: Thu, 1 May 2014 07:33:58 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <15864901-C372-43A8-A6E6-BF0AF73F2EC6@vpnc.org>
References: <201404271508.s3RF8sMA014085@catnip.dyslexicfish.net>
 <CACdU+f_Wo6VDcJkn6tmF8MTU49=rnJM7SB6XxofGZVdukSarHA@mail.gmail.com>
 <201404272250.s3RMo2NZ095771@catnip.dyslexicfish.net>
 <445CDD31-5A11-4F5E-92DE-CB11A10E9BDE@odo.in-berlin.de>
 <5361896C.7010703@bluerosetech.com> <53621BE0.4040704@geminix.org>
To: Uwe Doering <gemini@geminix.org>
X-Mailer: Apple Mail (2.1874)
X-Mailman-Approved-At: Thu, 01 May 2014 15:24:02 +0000
Cc: freebsd-security@freebsd.org,
 "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 May 2014 14:34:05 -0000

On May 1, 2014, at 3:03 AM, Uwe Doering <gemini@geminix.org> wrote:

> I indeed wondered why this variable hadn't been mentioned so far. =
Guys,
> you do have "WITH_OPENSSL_PORT=3Dyes" in your "/etc/make.conf", =
haven't you?
>=20
> Because otherwise the whole thread might be considered a false alert.
> The ports system does not link with the ports' OpenSSL of its own
> accord. Or at least not in a reliable/predictable manner. You have to
> explicitly tell it what you want.

Please consider whether it is appropriate to chide people for not =
knowing about an *undocumented* feature of make.conf.

I'll turn in a pr for it.

--Paul HOffman=