Date: Tue, 15 Sep 2015 14:07:12 -0400 From: Jerry <jerry@seibercom.net> To: FreeBSD FreeBSD <freebsd-questions@freebsd.org> Subject: Re: Forcing use of newer version of OpenSSL Message-ID: <20150915140712.62c34588@seibercom.net> In-Reply-To: <55F84EC1.3090908@freebsd.org> References: <20150915123306.55760c0d@seibercom.net> <55F84EC1.3090908@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/uLJ20QYqqqj/5mqh_l3tkbH
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On Tue, 15 Sep 2015 18:00:49 +0100, Matthew Seaman stated:
> On 09/15/15 17:33, Jerry wrote:
> > I have both OpenSSL 1.0.1l-freebsd 15 Jan 2015 {located in /usr/bin} and
> > OpenSSL 1.0.2d 9 Jul 2015 {located in /usr/local/bin} residing on my
> > system. Now, I want to use and hopefully link programs against the
> > "port", ie, newer version. If I adjust the path to use "/usr/local/bin"
> > first, some programs fail to build. I discovered this a few months ago
> > and received that bit of knowledge on this forum. I therefore changed t=
he
> > path so "/usr/bin" goes before "/usr/local/bin". That has the effect of
> > causing the older version of OpenSSL being used.
> >=20
> > Other than permanently changing the path, and then changing it back whe=
n a
> > build fails, how can I permanently fix this problem. IMHO, the newer
> > version should permanently overwrite the older version. I don't need or
> > want to versions. Since the older version comes with the base system, I
> > am hesitant to try and remove it. In a perfect world, the base system
> > would be updated, but I guess that is not going to happen anytime soon.
>=20
> For anything you want to compile from ports, just add:
>=20
> WITH_OPENSSL_PORT=3D yes
>=20
> to /etc/make.conf (or /usr/local/etc/poudriere.d/make.conf if you're
> using poudriere)
>=20
> Additionally you have to be careful of some ports that have GSSAPI
> options -- don't enable GSSAPI support from the base system, or you'll
> end up with a binary linked against two different versions of OpenSSL
> libraries. Apart from that, the ports openssl is pretty much a drop-in
> replacement.
>=20
> For stuff you're compiling yourself, outside of ports, you need to force
> your compilation to use the appropriate -I (for include files) and -L
> (for libraries) search paths when compiling C code. How to do this is
> specific to the compilation system used by whatever code your trying to
> compile.
>=20
> It's not feasible to remove openssl from base -- too much stuff in base
> needs it -- nor is it feasible to overwrite the base openssl with the
> ports version -- the ABIs have changed between the two versions.
>=20
> I believe the ultimate plan is to make the base version of openssl a
> private library and require all ported software to use the ports version
> of openssl, but that is for future implementation.
I have the notation in the /etc/make.conf file. My question is how do I for=
ce
the use of the newer version of OpenSSL, other than by changing the $PATH
setting? Changing the $PATH setting causes some programs to fail to build. I
don't remember exactly what programs were involved though.
Thanks for you help.
--=20
Jerry
--Sig_/uLJ20QYqqqj/5mqh_l3tkbH
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJV+F5SAAoJEElTsHIJnX8e8Q4H/i3n5v7lmO5BvwmHXIOp8W9a
oaIft9x6wBk1aiDrj59YK/4ihz4Jb49kMOukDd2grKblbSk7uX6w6VIGYiNYp/Hg
Km7FHMQZX/afg3jWWBJgBPtb+tdcML6yGEe0x6Telbfm3jC8za+F6h0QAua0TxFG
X/v58UWQh7HpTL5RuiQuU95GnOmiUZjE6AbRxcNOrl/Vs/6y38tpQ2hwEi7KPF1P
sk9BWW5ARw+tabWrQdNIWAVXxpe1kR6L5zQK+vY/ohxs6q5cBOXefIaZOuW1uZEC
WzD4ep0pgnI6ZXI0IWQx6sMwMNtAFBnQEzBRvzT+4DP9ocrO4FDKyHPQ0VaZHLE=
=UzV1
-----END PGP SIGNATURE-----
--Sig_/uLJ20QYqqqj/5mqh_l3tkbH--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150915140712.62c34588>