From owner-freebsd-ports@freebsd.org  Thu Oct 27 09:17:41 2016
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 89C87C22ADE
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Thu, 27 Oct 2016 09:17:41 +0000 (UTC)
 (envelope-from franco@lastsummer.de)
Received: from host64.shmhost.net (host64.kissl.de [213.239.241.64])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4D23E1192;
 Thu, 27 Oct 2016 09:17:40 +0000 (UTC)
 (envelope-from franco@lastsummer.de)
Received: from francos-mbp.homeoffice.local
 (ipservice-092-217-062-255.092.217.pools.vodafone-ip.de [92.217.62.255])
 by host64.shmhost.net (Postfix) with ESMTPSA id 2BA5883AC9;
 Thu, 27 Oct 2016 11:17:37 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
Subject: Re: lighttpd does not pull OpenSSL dependency
From: Franco Fichtner <franco@lastsummer.de>
In-Reply-To: <7fb24c94-1efa-d1b5-9028-8dec8330e543@FreeBSD.org>
Date: Thu, 27 Oct 2016 11:17:35 +0200
Cc: David Demelier <demelier.david@gmail.com>,
 Don Lewis <truckman@freebsd.org>, mad@madpilot.net,
 freebsd-ports@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <F7455AF1-451F-407E-A785-6CDD0BF207E1@lastsummer.de>
References: <201610252214.u9PME6br070248@gw.catspoiler.org>
 <ded708c9-f2bf-6b2f-84cf-f97f91c39888@FreeBSD.org>
 <CAO+PfDdXbbgVMZnxiJig+_drLNYRftD4ruqXxHpybztiR1eBAA@mail.gmail.com>
 <7fb24c94-1efa-d1b5-9028-8dec8330e543@FreeBSD.org>
To: Mathieu Arnold <mat@FreeBSD.org>
X-Mailer: Apple Mail (2.3251)
X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net
X-Virus-Status: Clean
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 09:17:41 -0000


> On 27 Oct 2016, at 11:00 AM, Mathieu Arnold <mat@FreeBSD.org> wrote:
>=20
> Le 26/10/2016 =C3=A0 15:44, David Demelier a =C3=A9crit :
>> 2016-10-26 10:46 GMT+02:00 Mathieu Arnold <mat@freebsd.org>:
>>> Le 26/10/2016 =C3=A0 00:14, Don Lewis a =C3=A9crit :
>>>> Then the question is, if DEFAULT_VERSIONS+=3Dssl=3Dopenssl is not =
in
>>>> make.conf, then why is OpeSSL from ports installed?  Nothing should
>>>> be depending on it.
>>> Well, the problem is that many ports have WITH_OPENSSL_PORT defined, =
so,
>>> something could have brought it along. I have a git branch changing =
it
>>> to WANT_OPENSSL_PORT that will mark the port IGNOREd if using base
>>> OpenSSL, I should commit it one day.
>>>=20
>>> Also, I'll change the default for ports from base to openssl, one =
day.
>> I can help if needed.
>=20
> But I don't use all of that, so I need help figuring out which should =
be
> the default afterwards (it can't be base, because you can't mix base
> heimdal with non base openssl)

Having stripped Kerberos from base for our 11.0 builds makes for a
nice test bed in places where GSSAPI is not yet in a port, but actually
required, leading to quick build errors.

gssapi:heimdal is the closes thing to base as far as we could see, and
we've rolled out several OPNsense releases with both OpenSSL and Heimdal
from ports that work nicely with external AD servers.


Cheers,
Franco=