Date: Thu, 8 Feb 2018 15:09:35 +0000
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Subject: Re: upgrade now have two openssl versions
Message-ID: <2d09eda4-0407-013f-da4e-f333b3b59b1a@FreeBSD.org>
In-Reply-To: <CAPORhP4nNp0YTk_GdWHkuFXhW%2BcNZt756Rfc3nzbKNWnUHzp%2Bg@mail.gmail.com>
References: <CAPORhP4nNp0YTk_GdWHkuFXhW%2BcNZt756Rfc3nzbKNWnUHzp%2Bg@mail.gmail.com>

On 08/02/2018 14:40, David Mehler wrote:
> I just upgraded a 10.3 server to 11.1. I've now got two openssl
> versions the one in base which openssl version reports as openssl
> 1.0.2k, and an installed port which pkg info reports as 1.0.2n. How do
> I get openssl and the system to use and to link against the newer
> version?
>

If you are using the pre-compiled pkgs from the FreeBSD project, then
you can't. Those packages will always use the default openssl, which
for 11.1 is still the base version of openssl.

If you are compiling your own packages either via poudriere or
otherwise, then you can use the DEFAULT_VERSIONS variable in make.conf:

   DEFAULT_VERSIONS+=	ssl=openssl

That will cause all of the ports to be linked against the
security/openssl port.

There are some complications if you're using GSSAPI or Kerberos, where
there are other blocks of code that can come from either base or ports
and you need to make sure everything is consistent -- i.e. either use all
ports, or use all base.

Note that switching between ports and base openssl support benefits
greatly from clean-room build methods (e.g. poudriere): the simple
presence of the ports version of openssl on your build system will
prevent you from compiling against the base system version of openssl.

See /usr/ports/Mk/bsd.default-versions.mk and /usr/ports/Mk/Uses/ssl.mk
for all the gory details.

	Cheers,

	Matthew
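
One way to check the consistency requirement described in the message above, as an added example that is not part of the original e-mail or of the FreeBSD ports tree: a shell function that reads `ldd` output and reports whether a binary resolves libssl/libcrypto from base, from ports, or from both. The function names, the sample binaries and their library version numbers are constructed for illustration; the path prefixes (/lib and /usr/lib for base, /usr/local/lib for ports) are an assumption about a default install.

```shell
#!/bin/sh
# Added example: report which OpenSSL copy a binary resolves to, from `ldd` output.
# Assumption: base libraries live under /lib or /usr/lib, ports under /usr/local/lib.

# Reads `ldd` output on stdin; prints base, ports, mixed or none.
classify_ssl_linkage() {
    awk '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 ~ /^\/usr\/local\/lib\//)  ports = 1
            else if ($3 ~ /^(\/usr)?\/lib\//) base = 1
        }
        END {
            if (base && ports) print "mixed"
            else if (ports)    print "ports"
            else if (base)     print "base"
            else               print "none"
        }'
}

# Hypothetical helper: classify each file given as an argument (needs ldd).
audit_ssl_linkage() {
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(ldd "$f" 2>/dev/null | classify_ssl_linkage)"
    done
}

# Constructed sample: package built against base OpenSSL only.
sample_base() {
    cat <<'EOF'
/usr/local/bin/example-a:
	libssl.so.8 => /usr/lib/libssl.so.8 (0x800a00000)
	libcrypto.so.8 => /lib/libcrypto.so.8 (0x800c00000)
	libc.so.7 => /lib/libc.so.7 (0x801000000)
EOF
}

# Constructed sample: built with ssl=openssl, but base GSSAPI still pulls in base libcrypto.
sample_mixed() {
    cat <<'EOF'
/usr/local/bin/example-b:
	libssl.so.9 => /usr/local/lib/libssl.so.9 (0x800a00000)
	libcrypto.so.9 => /usr/local/lib/libcrypto.so.9 (0x800c00000)
	libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x800e00000)
	libcrypto.so.8 => /lib/libcrypto.so.8 (0x801000000)
EOF
}

echo "example-a: $(sample_base | classify_ssl_linkage)"
echo "example-b: $(sample_mixed | classify_ssl_linkage)"
```

A "mixed" result is the inconsistent state to look for: two OpenSSL copies loaded into one process, and a binary that still depends on the older base library after the port has been updated.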