From: David Wahlund
To: freebsd-ports@freebsd.org
Subject: Re: security/libressl: Add the possibility to build only libtls
Date: Mon, 21 Aug 2017 17:30:29 +0200

On 2017-08-21 16:55, Mathieu Arnold wrote:
> On 21/08/2017 at 12:03, Franco Fichtner wrote:
>>> On 21. Aug 2017, at 11:59 AM, David Wahlund wrote:
>>>
>>> I'd like to use the libtls library of LibreSSL on FreeBSD. Or the python bindings to libtls specifically. I do NOT however want to replace openssl or use the libssl library.
>>>
>>> From what I understand it would be possible in practice as I assume it's only libssl that overwrites files used by openssl.
>>>
>>> Would it be possible to create an option in LibreSSL, or preferably make a separate port, for libtls only? That way future ports can depend on libtls only. For example a future python-libtls port could depend on that.
>>
>> Unless you build your own packages with OpenSSL from ports
>> you can just install LibreSSL and use it in your programs...
>>
>> # pkg install libressl
>>
>> OpenSSL lives in the base system, LibreSSL will be an optional
>> install under /usr/local.
>
>
> That is not quite true. As soon as you install openssl, openssl-devel,
> or libressl or libressl-devel, the ports framework will use it whenever
> you build something that needs SSL from the ports tree.
>
>
> If you truly want to have libressl but do not want to use it for
> building ports, you will need to install it in a separate PREFIX.
>
>

Well, the problem is that libressl is TWO libraries (actually three but nm). One that replaces openssl (libssl) and one that doesn't (libtls). However the libtls has shared dependencies with libssl. I DO want to use libtls for ports that have that dependency, but NOT use it to replace openssl. Libtls CAN be a separate dependency in parallel to openssl from what I understand. But now the libressl port conflicts with the openssl port even though parts of it are not in conflict and I don't think the shared parts between libssl and libtls are in conflict with openssl. But I might be wrong.

So what I'm looking for is a way to use libtls but NOT use libssl.