Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 15 Apr 2003 18:31:02 -0500
From:      "Jack L. Stone" <jackstone@sage-one.net>
To:        Jim Mock <mij@soupnazi.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: The chicken and the OpenSSL
Message-ID:  <3.0.5.32.20030415183102.01415200@sage-one.net>
In-Reply-To: <97EFB64A-6F91-11D7-9B49-000393460DB2@soupnazi.org>
References:  <3.0.5.32.20030415151453.014239d0@sage-one.net>

next in thread | previous in thread | raw e-mail | index | archive | help
At 03:28 PM 4.15.2003 -0700, Jim Mock wrote:
>On Tuesday, April 15, 2003, at 01:14  PM, Jack L. Stone wrote:
>> At 12:51 PM 4.15.2003 -0700, Jim Mock wrote:
>>> On Tue, 15 Apr 2003 at 10:37:48 -0700, Kill the Penguin wrote:
>>>> I'm currently running 4.7-RELEASE-p10. I attempted to install, but 
>>>> it is dependant on openssl-0.9.7a.  Unfortunately the installed 
>>>> version is openssl-0.9.6i. This will result in two parallel 
>>>> installations of openssl which is not the end of the world, but not 
>>>> desired. In the past I attempted to use only openssl in the ports 
>>>> collection, but using NO_OPENSSL results in failed buildworlds.
>>>>
>>>> So I attempted to update the src-crypto and src-secure portions of 
>>>> the src tree and *just* build these components. It doesn't appear 
>>>> that REL_ENG_4_7 contains the latest version of openssl.
>>>>
>>>> Is there a method to keep up with OpenSSL without having to parallel 
>>>> installations? It appears you can't unhook the base installation 
>>>> from the system, and I'm not sure forcing the ports version into 
>>>> /usr is going to be a great idea. Anyone solve this problem?
>>>
>>> cd /usr/ports/security/openssl && make -DOPENSSL_OVERWRITE_BASE 
>>> install
>>
>> I have the same situation, but have already installed apache13-modssl 
>> from ports which loads up openssl-0.9.7a okay when starting 
>> Apache+mod_ssl. What whould be the effect of running Jim's "overwite" 
>> of the old base openssl now at this stage to get down to the one 
>> version...? Do I need to start over....??
>
>Good question.  I'm not really sure :-)  Your best bet is to probably 
>try it out on a non-production box if you have one and see what 
>happens.  At the very worst, you may have to rebuild mod_ssl after 
>installing the OpenSSL port, but apache shouldn't have to be touched.
>
>- jim
>

But, the more I thought about it, by tracking RELENG_4_7, another problem
jumps up because until and unless the base system is updated with
openssl-0.9.7a, each update of the OS will put back the old version of
openssl, unless there is a line that can be placed in make.conf to avoid
that...??

At least at the moment, the system is loading the right version --
openssl-0.9.7a, so guess if it ain't broke....etc., etc.

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.20030415183102.01415200>