From: Matthew Seaman
Date: Fri, 02 Mar 2012 23:53:39 +0000
To: freebsd-questions@freebsd.org
Subject: Re: openssl from ports

On 02/03/2012 22:27, Randal L. Schwartz wrote:
> Ahh, according to my read of /usr/ports/Mk/bsd.openssl.mk,
> it looks like:
>
>     # if no preference was set, check for an installed base version
>     # but give an installed port preference over it.
>     .if !defined(WITH_OPENSSL_BASE) && \
>         !defined(WITH_OPENSSL_PORT) && \
>         !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \
>         exists(${DESTDIR}/usr/include/openssl/opensslv.h)
>     WITH_OPENSSL_BASE=yes
>     .endif
>
> and later
>
>     .if exists(${LOCALBASE}/lib/libcrypto.so)
>     check-depends::
>         @${ECHO_CMD} "Dependency error: this port wants the OpenSSL library from the FreeBSD"
>         @${ECHO_CMD} "base system. You can't build against it, while a newer"
>         @${ECHO_CMD} "version is installed by a port."
>         @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE."
>         @${FALSE}
>     .endif
>
> So it looks like modern FreeBSD will Do The Right Thing if I just
> recompile the apache22 port. Once I knew what to look for, I found it
> with a bit of grepping.

You do need WITH_OPENSSL_PORT=yes in /etc/make.conf or equivalent; just
installing security/openssl alone will cause any port that links against
openssl shlibs to emit rude messages.

Also, beware of any apache modules that might link against openssl in
their own right which should also be rebuilt to use the ports version --
the classic example here is php5-openssl loaded via mod_php -- but there
are many ways of doing this. Trying to load two different OpenSSL shlibs
into the same execution image causes instant crash and burn.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
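
Added example, not part of the original message: one way to find the situation the reply warns about, a server binary and a loadable module that resolve libssl/libcrypto from different places. It reads ldd(1)-style output; the sample output, file paths and library version numbers below are constructed for illustration, and LOCALBASE is assumed to be /usr/local unless set.

```shell
#!/bin/sh
# Classify the OpenSSL shared libraries that a set of objects resolve and
# flag a mix of base-system and ports copies (added example).

LOCALBASE="${LOCALBASE:-/usr/local}"

# stdin: ldd(1) output for one or more files.
# stdout: "<origin> <object> <library path>" per libssl/libcrypto dependency.
# Anything resolved outside LOCALBASE is treated as the base system copy.
openssl_origins() {
    awk -v lb="$LOCALBASE" '
        NF == 1 && /:$/ { obj = $1; sub(/:$/, "", obj); next }
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            origin = (index($3, lb "/") == 1) ? "port" : "base"
            print origin, obj, $3
        }'
}

# Prints the classification; returns 1 when both origins are present, i.e.
# when loading all listed objects into one process would pull in two OpenSSLs.
check_mixed() {
    openssl_origins | awk '
        { print; seen[$1] = 1 }
        END {
            if (seen["base"] && seen["port"]) {
                print "MIXED: rebuild the base-linked objects with WITH_OPENSSL_PORT=yes"
                exit 1
            }
        }'
}

# Constructed sample: httpd rebuilt against the port, while a PHP extension
# loaded through mod_php still links against the base libraries.
sample_ldd() {
    cat <<'EOF'
/usr/local/sbin/httpd:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a00000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800c00000)
    libc.so.7 => /lib/libc.so.7 (0x801000000)
/usr/local/lib/php/ext/openssl.so:
    libssl.so.6 => /usr/lib/libssl.so.6 (0x801400000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x801600000)
EOF
}

sample_ldd | check_mixed || true
```

On a live system, feed it real output, for example ldd run over httpd together with every module and extension it loads, since libraries pulled in by a dlopen()ed module do not show up in ldd of httpd alone.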