Date: Tue, 15 Apr 2003 17:43:47 -0700 (PDT) From: Kill the Penguin <admin@forkthepenguin.com> To: "Jack L. Stone" <jackstone@sage-one.net> Cc: dirk@freebsd.org Subject: Re: The chicken and the OpenSSL Message-ID: <Pine.BSI.4.44L.0304151708200.17839-100000@vp4.netgate.net> In-Reply-To: <3.0.5.32.20030415183102.01415200@sage-one.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> >>> cd /usr/ports/security/openssl && make -DOPENSSL_OVERWRITE_BASE
> >>> install
> >>
> >> I have the same situation, but have already installed apache13-modssl
> >> from ports which loads up openssl-0.9.7a okay when starting
> >> Apache+mod_ssl. What whould be the effect of running Jim's "overwite"
> >> of the old base openssl now at this stage to get down to the one
> >> version...? Do I need to start over....??
Eck, and the problems start. OK, I did a "make -DOPENSSL_OVERWRITE_BASE
install" of OpenSSL which was successful. I then attempted to build
apache13-modssl, unfortunately it ignores the fact that the correct
version of OpenSSL is already installed and tries to install it in
/usr/local. This is probably due to the fact it doesn't see
"openssl-0.9.7a_2" in /var/db/pkg. When you overwrite the base install of
OpenSSL, the package is registered as "openssl-overwrite-base-0.9.7a_2".
OK, let's trick make in the apache13-modssl directory to overwrite the
base install of OpenSSL even though we just did.
devil# pwd
/usr/ports/www/apache13-modssl
devil# make -DOPENSSL_OVERWRITE_BASE install
===> apache+mod_ssl-1.3.27+2.8.14 depends on shared library: mm.12 -
found
===> apache+mod_ssl-1.3.27+2.8.14 depends on shared library: crypto.3 -
not found
===> Verifying install for crypto.3 in /usr/ports/security/openssl
===> Returning to build of apache+mod_ssl-1.3.27+2.8.14
Error: shared library "crypto.3" does not exist
*** Error code 1
Stop in /usr/ports/www/apache13-modssl.
Well this isn't good. OK, Let's let Apache have it the way it seems to
want it. It installs "openssl-0.9.7a_2" in /usr/local, but look at this :
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/openssl
/usr/local/lib/libcrypto.so.3
I didn't see this before (when overwriting the base install)... OK, lets
see where libcrypto.so.3 was installed...
devil# locate libcrypto.so.3
/usr/local/lib/libcrypto.so.3
/usr/ports/security/openssl/work/openssl-0.9.7a/libcrypto.so.3
Okey Dokey then. How come libcrypto.so.3 is included when you install into
/usr/local, but not when you overwrite the base install?
Maintainers? Can you shed some light on this?
Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.4.44L.0304151708200.17839-100000>