Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 02 Mar 2012 23:53:39 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Re: openssl from ports
Message-ID:  <4F515D83.9070501@infracaninophile.co.uk>
In-Reply-To: <867gz2vdtg.fsf@red.stonehenge.com>
References:  <86fwdqvf2x.fsf@red.stonehenge.com> <20120302171631.775dd715@scorpio> <867gz2vdtg.fsf@red.stonehenge.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9B1F8AD61716B8DE40D06C66
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 02/03/2012 22:27, Randal L. Schwartz wrote:

> Ahh, according to my read of /usr/ports/Mk/bsd.openssl.mk,
> it looks like:
>=20
>     #       if no preference was set, check for an installed base versi=
on
>     #       but give an installed port preference over it.
>     .if     !defined(WITH_OPENSSL_BASE) && \
>             !defined(WITH_OPENSSL_PORT) && \
>             !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \
>             exists(${DESTDIR}/usr/include/openssl/opensslv.h)
>     WITH_OPENSSL_BASE=3Dyes
>     .endif
>=20
> and later
>=20
>     .if exists(${LOCALBASE}/lib/libcrypto.so)
>     check-depends::
>             @${ECHO_CMD} "Dependency error: this port wants the OpenSSL=

>             library from the FreeBSD"
>             @${ECHO_CMD} "base system. You can't build against it, whil=
e a
>             newer"
>             @${ECHO_CMD} "version is installed by a port."
>             @${ECHO_CMD} "Please deinstall the port or undefine
>             WITH_OPENSSL_BASE."
>             @${FALSE}
>     .endif
>=20
> So it looks like modern FreeBSD will Do The Right Thing if I just
> recompile the apache22 port.  Once I knew what to look for, I found it
> with a bit of grepping.

You do need WITH_OPENSSL_PORT=3Dyes in /etc/make.conf or equivalent; just=

installing security/openssl alone will cause any port that links against
openssl shlibs to emit rude messages.

Also, beware of any apache modules that might link against openssl in
their own right which should also be rebuild to use the ports version --
the classic example here is php5-openssl loaded via mod_php -- but there
are many ways of doing this.  Trying to load two different OpenSSL
shlibs into the same execution image causes instant crash and burn.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enig9B1F8AD61716B8DE40D06C66
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9RXYQACgkQ8Mjk52CukIwhJQCfbtk+1RLdr5I8uAMLw0yMfCzJ
51wAnRBqPJtDBRXxzHGAPS0AnWCX0sOY
=xdWz
-----END PGP SIGNATURE-----

--------------enig9B1F8AD61716B8DE40D06C66--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4F515D83.9070501>