From: "Jack L. Stone"
Date: Tue, 15 Apr 2003 18:31:02 -0500
To: Jim Mock
cc: Kill the Penguin
cc: freebsd-questions@freebsd.org
Subject: Re: The chicken and the OpenSSL

At 03:28 PM 4.15.2003 -0700, Jim Mock wrote:
>On Tuesday, April 15, 2003, at 01:14 PM, Jack L. Stone wrote:
>> At 12:51 PM 4.15.2003 -0700, Jim Mock wrote:
>>> On Tue, 15 Apr 2003 at 10:37:48 -0700, Kill the Penguin wrote:
>>>> I'm currently running 4.7-RELEASE-p10. I attempted to install, but
>>>> it is dependent on openssl-0.9.7a. Unfortunately the installed
>>>> version is openssl-0.9.6i. This will result in two parallel
>>>> installations of openssl which is not the end of the world, but not
>>>> desired. In the past I attempted to use only openssl in the ports
>>>> collection, but using NO_OPENSSL results in failed buildworlds.
>>>>
>>>> So I attempted to update the src-crypto and src-secure portions of
>>>> the src tree and *just* build these components. It doesn't appear
>>>> that REL_ENG_4_7 contains the latest version of openssl.
>>>>
>>>> Is there a method to keep up with OpenSSL without having to parallel
>>>> installations? It appears you can't unhook the base installation
>>>> from the system, and I'm not sure forcing the ports version into
>>>> /usr is going to be a great idea. Anyone solve this problem?
>>>
>>> cd /usr/ports/security/openssl && make -DOPENSSL_OVERWRITE_BASE install
>>
>> I have the same situation, but have already installed apache13-modssl
>> from ports which loads up openssl-0.9.7a okay when starting
>> Apache+mod_ssl. What would be the effect of running Jim's "overwrite"
>> of the old base openssl now at this stage to get down to the one
>> version...? Do I need to start over....??
>
>Good question. I'm not really sure :-) Your best bet is to probably
>try it out on a non-production box if you have one and see what
>happens. At the very worst, you may have to rebuild mod_ssl after
>installing the OpenSSL port, but apache shouldn't have to be touched.
>
>- jim
>

But, the more I thought about it, by tracking RELENG_4_7, another problem
jumps up because until and unless the base system is updated with
openssl-0.9.7a, each update of the OS will put back the old version of
openssl, unless there is a line that can be placed in make.conf to avoid
that...??

At least at the moment, the system is loading the right version --
openssl-0.9.7a, so guess if it ain't broke....etc., etc.

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net