Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 14 Oct 2018 13:16:22 -0400
From:      Daniel Eischen <deischen@freebsd.org>
To:        Don Lewis <truckman@FreeBSD.org>
Cc:        FreeBSD current <freebsd-current@FreeBSD.org>, re@FreeBSD.org
Subject:   Re: OpenSSL 1.1.1 libssl.so version number
Message-ID:  <1FD133C8-FB76-466F-B7E7-345CFAEDF126@freebsd.org>
In-Reply-To: <tkrat.2bc2d671f8dc3fb8@FreeBSD.org>
References:  <tkrat.3c3bfd84a6c58d9a@FreeBSD.org> <tkrat.2bc2d671f8dc3fb8@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

> On Oct 14, 2018, at 2:00 AM, Don Lewis <truckman@FreeBSD.org> wrote:
>=20
>> On 12 Oct, Don Lewis wrote:
>> Prior to the OpenSSL 1.1.1 import, the base OpenSSL library was
>> /usr/lib/libssl.so.8.  The security/openssl port (1.0.2p) installed
>> ${LOCALBASE}/lib/ilbssl.so.9 and the security/openssl-devel port
>> (1.1.0i) installed ${LOCALBASE}/lib/libssl.so.11.  After the import, the
>> base OpenSSL library is /usr/lib/libssl.so.9.  Now if you build ports
>> with DEFAULT_VERSIONS+=3Dssl=3Dopenssl, the library that actually gets us=
ed
>> is ambiguous because there are now two different versions of libssl.so
>> (1.0.2p and 1.1.1) with the same shared library version number.
>>=20
>> I stumbled across this when debugging a virtualbox-ose configure
>> failure.  The test executable was linked to the ports version of
>> libssl.so but rtld chose the base libssl.so at run time.
>=20
> It looks to me like the base libssl.so version needs to get moved to a
> value that doesn't collide with ports, perhaps 12.  These are the
> library version numbers currently used by the various ssl ports:

Even if base OpenSSL used 12, don't you potentially have the same problem if=
 the port bumps their version sometime later?

And do you have a problem if a port library is built against a port OpenSSL,=
 and another port library is built against base OpenSSL, then an app links t=
o both libraries, getting both base and port OpenSSL's linked in the same im=
age?  It seems like you have to ensure that when you specify WITH_OPENSSL, t=
hat all your ports are [re]built this way, no?  I guess base OpenSSL is real=
ly no different, all ports need to be built using the same library, whether i=
t's base or some other port version.

--
DE=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1FD133C8-FB76-466F-B7E7-345CFAEDF126>