Date: Thu, 29 Sep 2005 11:05:33 +0200 From: Mark Edwards <mark@antsclimbtree.com> To: Gary Kline <kline@tao.thought.org> Cc: ports@freebsd.org, questions@freebsd.org, Daniel Gerzo <danger@rulez.sk> Subject: Re: openssl 0.9.8 breaking things Message-ID: <4DDAC70C-591E-4FEB-A497-9ECB22F348F1@antsclimbtree.com> In-Reply-To: <20050928172602.GA93571@thought.org> References: <53367.62.127.24.11.1127925707.squirrel@secure.antsclimbtree.com> <1202482124.20050928184803@rulez.sk> <20050928172602.GA93571@thought.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sep 28, 2005, at 7:26 PM, Gary Kline wrote: > On Wed, Sep 28, 2005 at 06:48:03PM +0200, Daniel Gerzo wrote: > >> Hello Mark, >> >> Wednesday, September 28, 2005, 6:41:47 PM, you contributed this to >> our collective wisdom: >> >>> Just upgraded to openssl 0.9.8 and things are breaking, namely >>> exim and >>> cyrus-imap. Non-SSL connections work, SSL connections cause a >>> segfault. >>> >> >>> I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is >>> there >>> some way to make this work with 0.9.8? Have I totally missed >>> something >>> here? >>> >> >> you need to recompile your software (exim,cyrus-imap,...) against new >> openssl libs. > > I'll toss in my two cents here just FWIW. I had troubles > with all sorts of sh* (stuff) breaking when I touched openssl. > > I had not---or maybe I did, inadvertently--used the openssl > "port". I *had* to use /usr/src/secure/openssl/<<whatever>>; > when applications began breaking. I pkg_deleted openssl > and rebuilt the native /usr/src/* stuff. These apps are > tightly interdependent; that's why you are seeing things > break. > > This may or may not work generally. It cost me at least > a day's investigation ... and I'm *still* not sure that > everything's right. I think I have a clue as to why this is becoming complicated. I didn't have either WITH_OPENSSL_BASE=yes or WITH_OPENSSL_PORT=yes in / etc/make.conf. What must be happening is that some things are using the base openssl, and some are using the port, which is causing a conflict. That's my guess. For whatever reason, the 0.9.7g port doesn't cause a conflict, whereas 0.9.8 does. I don't really see the point of having the openssl port installed, in my case. Its only installed because some port wanted it and built it, and I didn't have WITH_OPENSSL_BASE=yes set. So, I'm now going to set WITH_OPENSSL_BASE=yes, remove the openssl port, and rebuild everything that depended upon the openssl port. Can anyone either refute any of the above guesses, or tell me why I am a fool to go with the base openssl rather than the port? Thanks! -- Mark Edwards mark@antsclimbtree.com cell: +46704070332
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DDAC70C-591E-4FEB-A497-9ECB22F348F1>