From: Enji Cooper
To: Eugene Grosbein
Cc: Timothy Legge, freebsd-hackers@freebsd.org
Subject: Re: OpenSSL 1.1.1t vs OpenSSL 3.1.4 linking on 13.2
Date: Mon, 27 Nov 2023 08:16:36 -0800
Message-Id: <37CF9198-4CEA-4825-BE4B-7D6709DFFCD2@gmail.com>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

> On Nov 26, 2023, at 20:15, Eugene Grosbein wrote:
>
> 27.11.2023 8:00, Timothy Legge wrote:
>
>> I have been updating a Perl CPAN module for OpenSSL v3 and ran into
>> an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
>> installed.
>>
>> So clean install and then install v3 via sudo pkg install openssl31
>>
>> When I build Crypt::OpenSSL::Blowfish (from
>> https://github.com/perl-openssl/perl-Crypt-OpenSSL-Blowfish.git) with:
>>
>> perl Makefile.PL
>> make
>>
>> It builds and links against openssl3.1.4
>>
>> When I attempt:
>>
>> make test
>>
>> It attempts to load the openssl 1.1.1t library.
>>
>> If I do:
>>
>> export set OPENSSL_PREFIX=/usr
>>
>> and add the following line to the Makefile.PL then
>> OpenSSL::Crypt::Guess correctly finds openssl 1.1.1t and links to it:
>>
>> $args{CCFLAGS} = openssl_lib_paths();
>>
>> So, is there a way on FreeBSD to figure out which openssl version is
>> the default? Is there a method that you can think of that can solve
>> the linking/run issue without requiring the OPENSSL_PREFIX to be set
>> for Crypt::OpenSSL::Guess's benefit.
>>
>> Any ideas are greatly appreciated.
>
> If you are making a port then you should respect ssl=base/openssl111/whatever
> user setting in /etc/make.conf in DEFAULT_VERSIONS, so check for it in port's Makefile:
>
> .if ${SSL_DEFAULT} == openssl111
> ...
> .endif
>
> If you want to provide packages for different openssl versions,
> you may consider adding FLAVORS to the port:
>
> FLAVORS= base openssl111 openssl30
> openssl111_PKGNAMESUFFIX= -${FLAVOR}
> openssl30_PKGNAMESUFFIX= -${FLAVOR}
>
> .include
> .if ${SSL_DEFAULT} == openssl30
> FLAVOR= openssl30
> .endif
>
> # For OpenSSL 3.0.x in base (14+) or installed as port/package
> .if ${OSVERSION} >= 1400092 || ${FLAVOR:U} == openssl30
> ...
> # For OpenSSL 1.1.x in base or installed as port/package
> .else
> ...
> .endif
>
> This is just an example and you may want to support more openssl versions we have in ports.

I honestly think FLAVORS OpenSSL support should be added to ports. It would make some things considerably easier for self-standing apps (it would still be largely impossible if/when base system libraries like kerberos5 are linked in, though).

Cheers,
-Enji
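
A way to check the build-time versus run-time mismatch described in the thread, as an added example that is not from any poster in the thread: it classifies the libssl/libcrypto lines of `ldd` output by install prefix. The function names, the sample `ldd` text and the `.so.NN` soname are constructed; it assumes base libraries live under /lib or /usr/lib and ports/packages under /usr/local.

```shell
#!/bin/sh
# Added example: report where libssl/libcrypto resolve from, given ldd output.
# Assumption: base libraries are under /lib or /usr/lib, ports/packages
# under /usr/local (the default LOCALBASE).

# Reads ldd output on stdin; prints base | ports | mixed | unresolved | other | none
classify_openssl_origin() {
    awk '
        # Typical line: "libcrypto.so.N => /path/libcrypto.so.N (0x...)"
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen = 1
            if ($2 != "=>" || $3 !~ /^\//) { unresolved = 1; next }
            if ($3 ~ /^\/usr\/local\//)       ports = 1
            else if ($3 ~ /^\/(usr\/)?lib\//) base = 1
            else                              other = 1
        }
        END {
            if (!seen)                         print "none"
            else if (unresolved)               print "unresolved"
            else if (base + ports + other > 1) print "mixed"
            else if (ports)                    print "ports"
            else if (base)                     print "base"
            else                               print "other"
        }'
}

# Constructed sample: both libraries resolve from the ports prefix.
sample_ports_only() {
    printf '\tlibssl.so.NN => /usr/local/lib/libssl.so.NN (0x0)\n'
    printf '\tlibcrypto.so.NN => /usr/local/lib/libcrypto.so.NN (0x0)\n'
    printf '\tlibc.so.7 => /lib/libc.so.7 (0x0)\n'
}

# Constructed sample: libssl from ports, libcrypto from base. Two OpenSSL
# builds in one process is the situation to catch before running tests.
sample_mixed() {
    printf '\tlibssl.so.NN => /usr/local/lib/libssl.so.NN (0x0)\n'
    printf '\tlibcrypto.so.111 => /lib/libcrypto.so.111 (0x0)\n'
}

# Real use (the path to the built module is an assumption):
#   ldd path/to/Blowfish.so | classify_openssl_origin
echo "ports-only sample: $(sample_ports_only | classify_openssl_origin)"
echo "mixed sample:      $(sample_mixed | classify_openssl_origin)"
```
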