Date: Mon, 27 Nov 2023 08:16:36 -0800 From: Enji Cooper <yaneurabeya@gmail.com> To: Eugene Grosbein <eugen@grosbein.net> Cc: Timothy Legge <timlegge@gmail.com>, freebsd-hackers@freebsd.org Subject: Re: OpenSSL 1.1.1t vs OpenSSL 3.1.4 linking on 13.2 Message-ID: <37CF9198-4CEA-4825-BE4B-7D6709DFFCD2@gmail.com> In-Reply-To: <dc4451da-3740-a842-0b67-e8a47d4b9d85@grosbein.net> References: <dc4451da-3740-a842-0b67-e8a47d4b9d85@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Nov 26, 2023, at 20:15, Eugene Grosbein <eugen@grosbein.net> wrote: >=20 > =EF=BB=BF27.11.2023 8:00, Timothy Legge wrote: >=20 >> I have been updating a Perl CPAN module for OpenSSL v3. and ran into >> an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3 >> installed. >>=20 >> So clean install and then install v3 via sudo pkg install openssl31 >>=20 >> When I build Crtpt::OpenSSL::Blowfish (from >> https://github.com/perl-openssl/perl-Crypt-OpenSSL-Blowfish.git) with: >>=20 >> perl Makefile.PL >> make >>=20 >> It builds and links against openssl3.1.4 >>=20 >> When I attempt: >>=20 >> make test >>=20 >> It attempts to load the openssl 1.1.1t library. >>=20 >> If I do: >>=20 >> export set OPENSSL_PREFIX=3D/usr >>=20 >> and add the following line to the Makefile.PL then >> OpenSSL::Crypt::Guess correctly finds openssl 1.1.1t and links to it: >>=20 >> $args{CCFLAGS} =3D openssl_lib_paths(); >>=20 >> So, is there a way on FreeBSD to figure out which openssl version is >> the default? Is there a method that you can think of that can solve >> the linking/run issue without requiring the OPENSSL_PREFIX to be set >> for Crypt::OpenSSL::Guess's benefit. >>=20 >> Any ideas are greatly appreciated. >=20 > If you are making a port then you should respect ssl=3Dbase/openssl111/wha= tever > user setting in /etc/make.conf in DEFAULT_VERSIONS, so check for it in por= t's Makefile: >=20 > .if ${SSL_DEFAULT} =3D=3D openssl111 > ... > endif >=20 > If you want to provide packages for different openssl versions, > you may consider adding FLAVORS to the port: >=20 > FLAVORS=3D base openssl111 openssl30 > openssl111_PKGNAMESUFFIX=3D -${FLAVOR} > openssl30_PKGNAMESUFFIX=3D -${FLAVOR} >=20 > .include <bsd.port.options.mk> > .if ${SSL_DEFAULT} =3D=3D openssl30 > FLAVOR=3D openssl30 > .endif >=20 > # For OpenSSL 3.0.x in base (14+) or installed as port/package > .if ${OSVERSION} >=3D 1400092 || ${FLAVOR:U} =3D=3D openssl30 > ... > # For OpenSSL 1.1.x in base or installed as port/package > .else > ... > .endif >=20 > This is just an example and you may want to support more openssl versions w= e have in ports. I honestly think FLAVORS OpenSSL support should be added to ports . It would= make some things considerably easier for self-standing apps (it would still= be largely impossible if/when base system libraries like kerberos5 are link= ed in, though). Cheers, -Enji=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37CF9198-4CEA-4825-BE4B-7D6709DFFCD2>