From owner-freebsd-questions@FreeBSD.ORG Tue Apr 15 17:43:52 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C78537B401; Tue, 15 Apr 2003 17:43:52 -0700 (PDT) Received: from vp4.netgate.net (vp4.netgate.net [205.214.170.248]) by mx1.FreeBSD.org (Postfix) with ESMTP id B86D243FB1; Tue, 15 Apr 2003 17:43:51 -0700 (PDT) (envelope-from admin@forkthepenguin.com) Received: from localhost (ibrew@localhost) by vp4.netgate.net (8.11.6/8.11.6) with ESMTP id h3G0hl305076; Tue, 15 Apr 2003 17:43:47 -0700 (PDT) Date: Tue, 15 Apr 2003 17:43:47 -0700 (PDT) From: Kill the Penguin X-X-Sender: ibrew@vp4.netgate.net To: "Jack L. Stone" In-Reply-To: <3.0.5.32.20030415183102.01415200@sage-one.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: ports@freebsd.org cc: dinoex@freebsd.org cc: rse@engelschall.com cc: freebsd-questions@freebsd.org cc: Jim Mock cc: dirk@freebsd.org Subject: Re: The chicken and the OpenSSL X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 00:43:52 -0000 > >>> cd /usr/ports/security/openssl && make -DOPENSSL_OVERWRITE_BASE > >>> install > >> > >> I have the same situation, but have already installed apache13-modssl > >> from ports which loads up openssl-0.9.7a okay when starting > >> Apache+mod_ssl. What whould be the effect of running Jim's "overwite" > >> of the old base openssl now at this stage to get down to the one > >> version...? Do I need to start over....?? Eck, and the problems start. OK, I did a "make -DOPENSSL_OVERWRITE_BASE install" of OpenSSL which was successful. I then attempted to build apache13-modssl, unfortunately it ignores the fact that the correct version of OpenSSL is already installed and tries to install it in /usr/local. This is probably due to the fact it doesn't see "openssl-0.9.7a_2" in /var/db/pkg. When you overwrite the base install of OpenSSL, the package is registered as "openssl-overwrite-base-0.9.7a_2". OK, let's trick make in the apache13-modssl directory to overwrite the base install of OpenSSL even though we just did. devil# pwd /usr/ports/www/apache13-modssl devil# make -DOPENSSL_OVERWRITE_BASE install ===> apache+mod_ssl-1.3.27+2.8.14 depends on shared library: mm.12 - found ===> apache+mod_ssl-1.3.27+2.8.14 depends on shared library: crypto.3 - not found ===> Verifying install for crypto.3 in /usr/ports/security/openssl ===> Returning to build of apache+mod_ssl-1.3.27+2.8.14 Error: shared library "crypto.3" does not exist *** Error code 1 Stop in /usr/ports/www/apache13-modssl. Well this isn't good. OK, Let's let Apache have it the way it seems to want it. It installs "openssl-0.9.7a_2" in /usr/local, but look at this : ===> SECURITY REPORT: This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system. /usr/local/bin/openssl /usr/local/lib/libcrypto.so.3 I didn't see this before (when overwriting the base install)... OK, lets see where libcrypto.so.3 was installed... devil# locate libcrypto.so.3 /usr/local/lib/libcrypto.so.3 /usr/ports/security/openssl/work/openssl-0.9.7a/libcrypto.so.3 Okey Dokey then. How come libcrypto.so.3 is included when you install into /usr/local, but not when you overwrite the base install? Maintainers? Can you shed some light on this? Chris