Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 7 Apr 2014 11:42:02 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Darren Pilgrim <list_freebsd@bluerosetech.com>
Cc:        FreeBSD Global Users Mailing List <freebsd-questions@freebsd.org>, Jack Mc Lauren <jack.mclauren@yahoo.com>
Subject:   Re: Updating openssl on FreeBSD 9.2
Message-ID:  <20140407114202.ef08d1a9.freebsd@edvax.de>
In-Reply-To: <53426449.6030006@bluerosetech.com>
References:  <1396852955.86927.YahooMailNeo@web122301.mail.ne1.yahoo.com> <20140407085234.4a39a4ab.freebsd@edvax.de> <53426449.6030006@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 07 Apr 2014 01:39:37 -0700, Darren Pilgrim wrote:
> On 4/6/2014 11:52 PM, Polytropon wrote:
> > On Sun, 6 Apr 2014 23:42:35 -0700 (PDT), Jack Mc Lauren wrote:
> >> Hi
> >> I'm using FreeBSD 9.2 which comes with openssl 0.9.8y.
> >> How can I update it to version 1.0.1f?
> >> Thanks in advance.
> >
> > Probably using the ports version should be the easiest
> > method. Update your ports tree, Install security/openssl,
> > and check if any other applications need to be rebuilt.
> 
> You need to add WITH_OPENSSL_PORT=yes to /etc/make.conf to enable 
> linking to the openssl port.

Yes, that is also needed.



> > If you're using a custom-built system, you can also
> > disable the integration of SSL into the OS by defining
> > WITHOUT_OPENSSL in /etc/src.conf and rebuilding. See
> > "man src.conf" for details.
> 
> Don't do this.  OpenSSL is needed by so many things in the base that 
> it's effectively mandatory.  Just rely on WITH_OPENSSL_PORT making the 
> ports framework select the correct library.

Still /etc/src.conf allows you to disable most of those
parts. As I have never tried the "full set", I'm not sure
what would break, but at least I assume that more than
one "crypto" component could be affected, maybe even the
system mailing service.

>From "man src.conf":

     WITHOUT_CRYPT
             Set to not build any crypto code.  When set, it also enforces the
             following options:

             WITHOUT_GSSAPI (can be overridden with WITH_GSSAPI)
             WITHOUT_KERBEROS
             WITHOUT_KERBEROS_SUPPORT
             WITHOUT_OPENSSH
             WITHOUT_OPENSSL

[...]

     WITHOUT_OPENSSL
             Set to not build OpenSSL.  When set, it also enforces the follow-
             ing options:

             WITHOUT_GSSAPI (can be overridden with WITH_GSSAPI)
             WITHOUT_KERBEROS
             WITHOUT_KERBEROS_SUPPORT
             WITHOUT_OPENSSH

Your suggestion is worth following especially in regards of SSH.



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140407114202.ef08d1a9.freebsd>