From owner-freebsd-questions@freebsd.org Tue Sep 15 18:07:25 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 60E5DA04ED4 for ; Tue, 15 Sep 2015 18:07:25 +0000 (UTC) (envelope-from jerry@seibercom.net) Received: from mail-qg0-x22e.google.com (mail-qg0-x22e.google.com [IPv6:2607:f8b0:400d:c04::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1753E15C6 for ; Tue, 15 Sep 2015 18:07:24 +0000 (UTC) (envelope-from jerry@seibercom.net) Received: by qgt47 with SMTP id 47so150145065qgt.2 for ; Tue, 15 Sep 2015 11:07:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seibercom.net; s=google; h=date:from:to:subject:message-id:in-reply-to:references:reply-to :organization:mime-version:content-type; bh=2CdDOOuGNwkYM2JrX7nSaES/wp46ec8IkKFKmY3LCGg=; b=ZNUgoeIffPSSETIzNIHFiucIcYaJc1S1gxvfhZMOWjXmVWMR7smEIVnJ1ba9scSNGc GgsnuzcJ+OvUUderKF3qvuqqCC7xxOzeT0PJ4F8g9SoWzuRAndzMm+LruxMCXeJYbPtO fuRErsn0uLP1PzvpHyX9nsbynIHrd3Zj/eCsI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:in-reply-to :references:reply-to:organization:mime-version:content-type; bh=2CdDOOuGNwkYM2JrX7nSaES/wp46ec8IkKFKmY3LCGg=; b=B1qQ3n/KQFV3PpIOUt47epHkth2H0fXgOC6hvruDaQNy0MJ0kRLZr+v87kU03LWR/4 s4OZyoiDOSgOZE+AzHi/SHzpUK5LN2XR8rcaHi8rkmnrtUgSmBrShq+4SIUX1bixE6Q7 rCH/HTynMEk02AlPmdoDEbuFajLF3eWzoQwcg5NcyjA4HY2VxDQyTY4oOUdTU42LxHfk qeoUJV1vRi4CAThTv6GFQZ+dvRF68CzRAHkLrDzluempGStYAx9hu8oxng1Uus+q/I36 v1IHRBDTvAh9ru/yqwZWtluDqmLZmwC9BCMKTrYoN/84FiSSQ4UqFdZlORVuXMRGgqqD aFYQ== X-Gm-Message-State: ALoCoQnbF8A5iUCWJXSM583xUFxBsaQuvsjJ+T/ps/r3b237QJ4QIog+dFLyYhSBKVvViteEBmr5 X-Received: by 10.140.151.140 with SMTP id 134mr36244341qhx.49.1442340443967; Tue, 15 Sep 2015 11:07:23 -0700 (PDT) Received: from scorpio.seibercom.net (cpe-174-109-28-112.nc.res.rr.com. [174.109.28.112]) by smtp.gmail.com with ESMTPSA id o4sm8414821qki.43.2015.09.15.11.07.23 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Sep 2015 11:07:23 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by scorpio.seibercom.net (Postfix) with ESMTPSA id 3nFswB3ZL9z3DlWX for ; Tue, 15 Sep 2015 14:07:22 -0400 (EDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.98.7 at scorpio.seibercom.net Date: Tue, 15 Sep 2015 14:07:12 -0400 From: Jerry To: FreeBSD FreeBSD Subject: Re: Forcing use of newer version of OpenSSL Message-ID: <20150915140712.62c34588@seibercom.net> In-Reply-To: <55F84EC1.3090908@freebsd.org> References: <20150915123306.55760c0d@seibercom.net> <55F84EC1.3090908@freebsd.org> Reply-To: FreeBSD FreeBSD Organization: seibercom NET X-Mailer: Claws Mail 3.12.0 (GTK+ 2.24.28; amd64-portbld-freebsd10.1) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/uLJ20QYqqqj/5mqh_l3tkbH"; protocol="application/pgp-signature" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2015 18:07:25 -0000 --Sig_/uLJ20QYqqqj/5mqh_l3tkbH Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, 15 Sep 2015 18:00:49 +0100, Matthew Seaman stated: > On 09/15/15 17:33, Jerry wrote: > > I have both OpenSSL 1.0.1l-freebsd 15 Jan 2015 {located in /usr/bin} and > > OpenSSL 1.0.2d 9 Jul 2015 {located in /usr/local/bin} residing on my > > system. Now, I want to use and hopefully link programs against the > > "port", ie, newer version. If I adjust the path to use "/usr/local/bin" > > first, some programs fail to build. I discovered this a few months ago > > and received that bit of knowledge on this forum. I therefore changed t= he > > path so "/usr/bin" goes before "/usr/local/bin". That has the effect of > > causing the older version of OpenSSL being used. > >=20 > > Other than permanently changing the path, and then changing it back whe= n a > > build fails, how can I permanently fix this problem. IMHO, the newer > > version should permanently overwrite the older version. I don't need or > > want to versions. Since the older version comes with the base system, I > > am hesitant to try and remove it. In a perfect world, the base system > > would be updated, but I guess that is not going to happen anytime soon. >=20 > For anything you want to compile from ports, just add: >=20 > WITH_OPENSSL_PORT=3D yes >=20 > to /etc/make.conf (or /usr/local/etc/poudriere.d/make.conf if you're > using poudriere) >=20 > Additionally you have to be careful of some ports that have GSSAPI > options -- don't enable GSSAPI support from the base system, or you'll > end up with a binary linked against two different versions of OpenSSL > libraries. Apart from that, the ports openssl is pretty much a drop-in > replacement. >=20 > For stuff you're compiling yourself, outside of ports, you need to force > your compilation to use the appropriate -I (for include files) and -L > (for libraries) search paths when compiling C code. How to do this is > specific to the compilation system used by whatever code your trying to > compile. >=20 > It's not feasible to remove openssl from base -- too much stuff in base > needs it -- nor is it feasible to overwrite the base openssl with the > ports version -- the ABIs have changed between the two versions. >=20 > I believe the ultimate plan is to make the base version of openssl a > private library and require all ported software to use the ports version > of openssl, but that is for future implementation. I have the notation in the /etc/make.conf file. My question is how do I for= ce the use of the newer version of OpenSSL, other than by changing the $PATH setting? Changing the $PATH setting causes some programs to fail to build. I don't remember exactly what programs were involved though. Thanks for you help. --=20 Jerry --Sig_/uLJ20QYqqqj/5mqh_l3tkbH Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJV+F5SAAoJEElTsHIJnX8e8Q4H/i3n5v7lmO5BvwmHXIOp8W9a oaIft9x6wBk1aiDrj59YK/4ihz4Jb49kMOukDd2grKblbSk7uX6w6VIGYiNYp/Hg Km7FHMQZX/afg3jWWBJgBPtb+tdcML6yGEe0x6Telbfm3jC8za+F6h0QAua0TxFG X/v58UWQh7HpTL5RuiQuU95GnOmiUZjE6AbRxcNOrl/Vs/6y38tpQ2hwEi7KPF1P sk9BWW5ARw+tabWrQdNIWAVXxpe1kR6L5zQK+vY/ohxs6q5cBOXefIaZOuW1uZEC WzD4ep0pgnI6ZXI0IWQx6sMwMNtAFBnQEzBRvzT+4DP9ocrO4FDKyHPQ0VaZHLE= =UzV1 -----END PGP SIGNATURE----- --Sig_/uLJ20QYqqqj/5mqh_l3tkbH--