From owner-freebsd-questions@FreeBSD.ORG Mon Apr 7 09:43:10 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8F21FC44 for ; Mon, 7 Apr 2014 09:43:10 +0000 (UTC) Received: from mx01.qsc.de (mx01.qsc.de [213.148.129.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 50539295 for ; Mon, 7 Apr 2014 09:43:10 +0000 (UTC) Received: from r56.edvax.de (port-92-195-84-247.dynamic.qsc.de [92.195.84.247]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx01.qsc.de (Postfix) with ESMTPS id 090F83CD75; Mon, 7 Apr 2014 11:43:07 +0200 (CEST) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id s379g2Z7002769; Mon, 7 Apr 2014 11:42:02 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Mon, 7 Apr 2014 11:42:02 +0200 From: Polytropon To: Darren Pilgrim Subject: Re: Updating openssl on FreeBSD 9.2 Message-Id: <20140407114202.ef08d1a9.freebsd@edvax.de> In-Reply-To: <53426449.6030006@bluerosetech.com> References: <1396852955.86927.YahooMailNeo@web122301.mail.ne1.yahoo.com> <20140407085234.4a39a4ab.freebsd@edvax.de> <53426449.6030006@bluerosetech.com> Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: FreeBSD Global Users Mailing List , Jack Mc Lauren X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Apr 2014 09:43:10 -0000 On Mon, 07 Apr 2014 01:39:37 -0700, Darren Pilgrim wrote: > On 4/6/2014 11:52 PM, Polytropon wrote: > > On Sun, 6 Apr 2014 23:42:35 -0700 (PDT), Jack Mc Lauren wrote: > >> Hi > >> I'm using FreeBSD 9.2 which comes with openssl 0.9.8y. > >> How can I update it to version 1.0.1f? > >> Thanks in advance. > > > > Probably using the ports version should be the easiest > > method. Update your ports tree, Install security/openssl, > > and check if any other applications need to be rebuilt. > > You need to add WITH_OPENSSL_PORT=yes to /etc/make.conf to enable > linking to the openssl port. Yes, that is also needed. > > If you're using a custom-built system, you can also > > disable the integration of SSL into the OS by defining > > WITHOUT_OPENSSL in /etc/src.conf and rebuilding. See > > "man src.conf" for details. > > Don't do this. OpenSSL is needed by so many things in the base that > it's effectively mandatory. Just rely on WITH_OPENSSL_PORT making the > ports framework select the correct library. Still /etc/src.conf allows you to disable most of those parts. As I have never tried the "full set", I'm not sure what would break, but at least I assume that more than one "crypto" component could be affected, maybe even the system mailing service. >From "man src.conf": WITHOUT_CRYPT Set to not build any crypto code. When set, it also enforces the following options: WITHOUT_GSSAPI (can be overridden with WITH_GSSAPI) WITHOUT_KERBEROS WITHOUT_KERBEROS_SUPPORT WITHOUT_OPENSSH WITHOUT_OPENSSL [...] WITHOUT_OPENSSL Set to not build OpenSSL. When set, it also enforces the follow- ing options: WITHOUT_GSSAPI (can be overridden with WITH_GSSAPI) WITHOUT_KERBEROS WITHOUT_KERBEROS_SUPPORT WITHOUT_OPENSSH Your suggestion is worth following especially in regards of SSH. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...