From owner-freebsd-questions@FreeBSD.ORG Tue Jun 16 23:04:33 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7771B106566B for ; Tue, 16 Jun 2009 23:04:33 +0000 (UTC) (envelope-from drew@mykitchentable.net) Received: from smtp1.mc.surewest.net (qsmtp.mc.surewest.net [66.60.130.145]) by mx1.freebsd.org (Postfix) with SMTP id 567EC8FC23 for ; Tue, 16 Jun 2009 23:04:33 +0000 (UTC) (envelope-from drew@mykitchentable.net) Received: (qmail 1632 invoked from network); 16 Jun 2009 16:22:50 -0700 Received: by simscan 1.1.0 ppid: 1608, pid: 1614, t: 2.4342s scanners: regex: 1.1.0 attach: 1.1.0 spam: 3.1.7-deb X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on smtp1.surewest.net X-Spam-Level: X-Spam-Status: No, score=0.0 required=10.0 tests=none autolearn=disabled version=3.1.7-deb X-Spam-CMAE-Analysis: v=1.0 c=1 a=jDt-9pEAAAAA:8 a=h5ktZYGZ3q7tVKMOsykA:9 a=u6Vq7mp9Z3cWeLpPgSAA:7 a=mCCJXh16My5GrWcNCWHR8JcUFjMA:4 Received: from unknown (HELO blacklamb.mykitchentable.net) (69.62.230.77) by smtp1 with SMTP; 16 Jun 2009 16:22:48 -0700 Received: from [127.0.0.1] (bigdaddy.mykitchentable.net [192.168.1.3]) by blacklamb.mykitchentable.net (Postfix) with ESMTPA id 4A308164E80 for ; Tue, 16 Jun 2009 16:04:20 -0700 (PDT) Message-ID: <4A3824EA.4080906@mykitchentable.net> Date: Tue, 16 Jun 2009 16:04:10 -0700 From: Drew Tomlinson User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: freebsd-questions Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 090616-0, 06/16/2009), Outbound message X-Antivirus-Status: Clean Subject: OpenSSL Base vs. OpenSSL Port? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2009 23:04:33 -0000 I had been running 6.2 with openssl base for quite a while. Then I attempted to implement the dkim-filter port which required using openssl to generate keys. That's when I noticed that openssl is broken on my machine. See this example: # openssl genrsa -out rsa.private 1024 Error configuring OpenSSL 28086:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_ctrl.c:318: 28086:error:0E07406D:configuration file routines:CONF_modules_load:module initialization error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:234:module=engines, value=openssl_engines, retcode=-1 So I thought rebuilding world might fix it and while I was at it, I upgraded to 6.4 but still have the same problem. Next I tried installing openssl from ports. This openssl seems to work: # /usr/local/bin/openssl genrsa -out rsa.private 1024 Generating RSA private key, 1024 bit long modulus ..............................................................++++++ ..............++++++ e is 65537 (0x10001) But now I am unclear as to what state my system is in. What is the preferred method for using openssl from ports vs. using openssl base. I don't really care which I use but want to avoid trouble with multiple versions of openssl and/or ports compiled against the wrong version. I've been Googling all day but can not find a clear guide. Specifically, what should I have in my /etc/make.conf and what portupgrade command should I use to ensure things are build against the correct openssl? I've seen things like OPENSSL_OVERWRITE_BASE=yes, NO_OPENSSL=yes, WITH_OPENSSL_PORT=yes, WITH_OPENSSL_BETA=yes, and portupgrade -rf openssl but remain confused. Thanks, Drew -- Be a Great Magician! Visit The Alchemist's Warehouse http://www.alchemistswarehouse.com