From owner-freebsd-questions@FreeBSD.ORG Tue Apr 15 15:28:46 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0905837B401 for ; Tue, 15 Apr 2003 15:28:46 -0700 (PDT) Received: from pop017.verizon.net (pop017pub.verizon.net [206.46.170.210]) by mx1.FreeBSD.org (Postfix) with ESMTP id 163B443FA3 for ; Tue, 15 Apr 2003 15:28:45 -0700 (PDT) (envelope-from mij@soupnazi.org) Received: from envy.homeunix.com ([4.47.69.211]) by pop017.verizon.net (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with ESMTP id <20030415222844.SEJC1817.pop017.verizon.net@envy.homeunix.com>; Tue, 15 Apr 2003 17:28:44 -0500 Received: from soupnazi.org (lust.pdx.soupnazi.org [192.168.1.2]) by envy.homeunix.com (8.12.8p1/8.12.8) with ESMTP id h3FMShln036927; Tue, 15 Apr 2003 15:28:43 -0700 (PDT) (envelope-from mij@soupnazi.org) Date: Tue, 15 Apr 2003 15:28:34 -0700 Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v552) To: "Jack L. Stone" From: Jim Mock In-Reply-To: <3.0.5.32.20030415151453.014239d0@sage-one.net> Message-Id: <97EFB64A-6F91-11D7-9B49-000393460DB2@soupnazi.org> Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.552) X-Authentication-Info: Submitted using SMTP AUTH at pop017.verizon.net from [4.47.69.211] at Tue, 15 Apr 2003 17:28:43 -0500 cc: Kill the Penguin cc: freebsd-questions@freebsd.org Subject: Re: The chicken and the OpenSSL X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 22:28:46 -0000 On Tuesday, April 15, 2003, at 01:14 PM, Jack L. Stone wrote: > At 12:51 PM 4.15.2003 -0700, Jim Mock wrote: >> On Tue, 15 Apr 2003 at 10:37:48 -0700, Kill the Penguin wrote: >>> I'm currently running 4.7-RELEASE-p10. I attempted to install, but >>> it is dependant on openssl-0.9.7a. Unfortunately the installed >>> version is openssl-0.9.6i. This will result in two parallel >>> installations of openssl which is not the end of the world, but not >>> desired. In the past I attempted to use only openssl in the ports >>> collection, but using NO_OPENSSL results in failed buildworlds. >>> >>> So I attempted to update the src-crypto and src-secure portions of >>> the src tree and *just* build these components. It doesn't appear >>> that REL_ENG_4_7 contains the latest version of openssl. >>> >>> Is there a method to keep up with OpenSSL without having to parallel >>> installations? It appears you can't unhook the base installation >>> from the system, and I'm not sure forcing the ports version into >>> /usr is going to be a great idea. Anyone solve this problem? >> >> cd /usr/ports/security/openssl && make -DOPENSSL_OVERWRITE_BASE >> install > > I have the same situation, but have already installed apache13-modssl > from ports which loads up openssl-0.9.7a okay when starting > Apache+mod_ssl. What whould be the effect of running Jim's "overwite" > of the old base openssl now at this stage to get down to the one > version...? Do I need to start over....?? Good question. I'm not really sure :-) Your best bet is to probably try it out on a non-production box if you have one and see what happens. At the very worst, you may have to rebuild mod_ssl after installing the OpenSSL port, but apache shouldn't have to be touched. - jim -- - jim mock. email: mij@soupnazi.org web: http://soupnazi.org - - freebsd project: jim@FreeBSD.org opendarwin: mij@opendarwin.org -