From: Matt Smith
To: Kevin Oberman
Cc: FreeBSD-STABLE Mailing List
Subject: Re: WITHOUT_OPENSSL and make delete-old
Date: Mon, 13 Jul 2015 20:14:14 +0100
Message-ID: <20150713191414.GC1284@xtaz.uk>
References: <20150713140352.GB1284@xtaz.uk>

On Jul 13 11:29, Kevin Oberman wrote:
>On Mon, Jul 13, 2015 at 7:03 AM, Matt Smith wrote:
>
>> Hi, I use the ports version of OpenSSL for everything and don't require
>> the base version. As a result I thought I would remove it by adding
>> WITHOUT_OPENSSL into /etc/src.conf and running make delete-old in /usr/src.
>> However this seems to only want to delete things related to kerberos and
>> gssapi, which is understandable as they depend on OpenSSL. However it
>> doesn't seem to touch any OpenSSL files at all. Is this a bug or have I
>> missed something?
>
>Yes. Several critical base system components require the base OpenSSL. So, I
>seem to recall that while WITHOUT_OPENSSL will skip the optional SSL stuff,
>I am pretty sure that some of the OpenSSL always are built and are
>considered too critical to rely on a port being installed... like logging
>in, adding users, etc.

See, now I assumed that the only things in the base that used it were
Kerberos, GSSAPI, and OpenSSH. If you read the man page for src.conf it
says that setting WITHOUT_OPENSSL also sets WITHOUT_KERBEROS,
WITHOUT_GSSAPI, and WITHOUT_OPENSSH. This makes me think these are the
only things in the base that do actually use OpenSSL?

Maybe there is actually a lot more that does then. Unfortunately being
the base means I can't just use pkg to look at what's registered against
the shared libs.

-- 
Matt
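
One way to answer the closing question without pkg is to read the dynamic section of the installed binaries directly. The script below is an added example, not part of the original message or of FreeBSD's tooling; it assumes `readelf` is installed, and the directory list in the usage comment is an assumption about where base-system binaries and libraries live.

```sh
#!/bin/sh
# Added example (not from the thread): report ELF files that link against
# libcrypto or libssl, by reading DT_NEEDED entries with readelf.
# Caveat: a static link or a dlopen() of the library will not show up here.

# Read `readelf -d` output on stdin; print each libcrypto/libssl name found
# in a NEEDED entry. Handles both "(NEEDED)" and bare "NEEDED" tag styles.
openssl_needed() {
    sed -nE 's/.*NEEDED.*\[(lib(crypto|ssl)\.so[^]]*)].*/\1/p'
}

# Walk the given directories and print "path: libs" for each matching file.
scan_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
            libs=$(readelf -d "$f" 2>/dev/null | openssl_needed | tr '\n' ' ')
            if [ -n "$libs" ]; then
                printf '%s: %s\n' "$f" "${libs% }"
            fi
        done
    done
}

# Assumed usage: sh scan.sh /bin /sbin /usr/bin /usr/sbin /usr/lib /usr/libexec
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```

Any path it prints is a file that would lose a dependency if the base libcrypto or libssl were deleted.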