From: Daniel Eischen
Date: Sun, 14 Oct 2018 13:16:22 -0400
Subject: Re: OpenSSL 1.1.1 libssl.so version number
To: Don Lewis
Cc: FreeBSD current, re@FreeBSD.org
Message-Id: <1FD133C8-FB76-466F-B7E7-345CFAEDF126@freebsd.org>
List-Id: Discussions about the use of FreeBSD-current

> On Oct 14, 2018, at 2:00 AM, Don Lewis wrote:
>
>> On 12 Oct, Don Lewis wrote:
>> Prior to the OpenSSL 1.1.1 import, the base OpenSSL library was
>> /usr/lib/libssl.so.8. The security/openssl port (1.0.2p) installed
>> ${LOCALBASE}/lib/libssl.so.9 and the security/openssl-devel port
>> (1.1.0i) installed ${LOCALBASE}/lib/libssl.so.11. After the import, the
>> base OpenSSL library is /usr/lib/libssl.so.9. Now if you build ports
>> with DEFAULT_VERSIONS+=ssl=openssl, the library that actually gets used
>> is ambiguous because there are now two different versions of libssl.so
>> (1.0.2p and 1.1.1) with the same shared library version number.
>>
>> I stumbled across this when debugging a virtualbox-ose configure
>> failure. The test executable was linked to the ports version of
>> libssl.so but rtld chose the base libssl.so at run time.
>
> It looks to me like the base libssl.so version needs to get moved to a
> value that doesn't collide with ports, perhaps 12. These are the
> library version numbers currently used by the various ssl ports:

Even if base OpenSSL used 12, don't you potentially have the same
problem if the port bumps their version sometime later?

And do you have a problem if a port library is built against a port
OpenSSL, and another port library is built against base OpenSSL, then
an app links to both libraries, getting both base and port OpenSSL's
linked in the same image? It seems like you have to ensure that when
you specify WITH_OPENSSL, that all your ports are [re]built this way,
no? I guess base OpenSSL is really no different, all ports need to be
built using the same library, whether it's base or some other port
version.

--
DE
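One way to check for the two conditions discussed in this thread, as an added example that is not part of the original message or of FreeBSD: it flags a process image whose dependencies resolve the same library to more than one path, and a soname that exists in both the base and ports library directories. The function names, the `ldd -a`-style input layout, and all sample paths and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modeled on `ldd -a` output; paths and addresses are made up.
SAMPLE_LDD = """\
/usr/local/bin/app:
\tlibfoo.so.1 => /usr/local/lib/libfoo.so.1 (0x800a00000)
\tlibbar.so.2 => /usr/local/lib/libbar.so.2 (0x800c00000)
/usr/local/lib/libfoo.so.1:
\tlibssl.so.11 => /usr/local/lib/libssl.so.11 (0x800e00000)
/usr/local/lib/libbar.so.2:
\tlibssl.so.9 => /usr/lib/libssl.so.9 (0x801000000)
"""

# Constructed directory listings: same soname present in base and LOCALBASE.
SAMPLE_DIRS = {
    "/usr/lib": ["libssl.so.9", "libcrypto.so.9"],
    "/usr/local/lib": ["libssl.so.9", "libfoo.so.1"],
}

DEP = re.compile(r"^\s+(\S+) => (\S+)")

def parse_ldd(text):
    """Map each loaded object to the (soname, resolved path) pairs it needs."""
    deps, current = defaultdict(list), None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            current = line[:-1]
        elif current and (m := DEP.match(line)):
            deps[current].append(m.groups())
    return dict(deps)

def mixed_libraries(deps):
    """Return {stem: {path: [requesters]}} for stems resolved to >1 path in one image."""
    by_stem = defaultdict(lambda: defaultdict(list))
    for obj, needed in deps.items():
        for soname, path in needed:
            by_stem[soname.split(".so")[0]][path].append(obj)
    return {s: dict(p) for s, p in by_stem.items() if len(p) > 1}

def soname_collisions(dirs):
    """Return {soname: [dirs]} for sonames present in more than one directory."""
    seen = defaultdict(list)
    for d, names in dirs.items():
        for n in names:
            seen[n].append(d)
    return {n: ds for n, ds in seen.items() if len(ds) > 1}
```
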