From owner-freebsd-questions@freebsd.org Thu Feb 8 15:09:38 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9211DF0AF84 for ; Thu, 8 Feb 2018 15:09:38 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 254246C3BD for ; Thu, 8 Feb 2018 15:09:37 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from leaf.local (unknown [88.202.132.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 0F03513DDA for ; Thu, 8 Feb 2018 15:09:36 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/0F03513DDA; dkim=none; dkim-atps=neutral Subject: Re: upgrade now have two openssl versions To: freebsd-questions@freebsd.org References: From: Matthew Seaman Message-ID: <2d09eda4-0407-013f-da4e-f333b3b59b1a@FreeBSD.org> Date: Thu, 8 Feb 2018 15:09:35 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2018 15:09:38 -0000 On 08/02/2018 14:40, David Mehler wrote: > I just upgraded a 10.3 server to 11.1. I've now got two openssl > versions the one in base which openssl version reports as openssl > 1.0.2k, and an installed port which pkg info reports as 1.0.2n. How do > I get openssl and the system to use and to link against the newer > version? > If you are using the pre-compiled pkgs from the FreeBSD project, then you can't. Those packages will always use the default openssl, which for 11.1 is still the base version of openssl. If you are compiling your own packages either via poudriere or otherwise, then you can use the DEFAULT_VERSIONS variable in make.conf: DEFAULT_VERSIONS+= ssl=openssl That will cause all of the ports to be linked against the security/openssl port. There are some complications if you're using GSSAPI or Kerberos, where there are other blocks of code that can come from either base and ports and you need to make sure everything is consistent -- ie. either use all ports, or use all base. Note that switching between ports and base openssl support benefits greatly from clean-room build methods (eg. poudriere): the simple presence of the ports version of openssl on your build system will prevent you from compiling against the base system version of openssl. See /usr/ports/Mk/bsd.default-versions.mk and /usr/ports/Mk/Uses/ssl.mk for all the gory details. Cheers, Matthew