Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 27 Nov 2023 09:57:22 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Timothy Legge <timlegge@gmail.com>, freebsd-hackers@freebsd.org
Subject:   Re: OpenSSL 1.1.1t vs OpenSSL 3.1.4 linking on 13.2
Message-ID:  <dc4451da-3740-a842-0b67-e8a47d4b9d85@grosbein.net>
In-Reply-To: <CALTFL3XyjatK2MtQz4cK2rpDCUHGgYXrze=vMdVrrCMXpH=Kcg@mail.gmail.com>
References:  <CALTFL3XyjatK2MtQz4cK2rpDCUHGgYXrze=vMdVrrCMXpH=Kcg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
27.11.2023 8:00, Timothy Legge wrote:

> I have been updating a Perl CPAN module for OpenSSL v3. and ran into
> an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
> installed.
> 
> So clean install and then install v3 via sudo pkg install openssl31
> 
> When I build Crtpt::OpenSSL::Blowfish (from
> https://github.com/perl-openssl/perl-Crypt-OpenSSL-Blowfish.git) with:
> 
> perl Makefile.PL
> make
> 
> It builds and links against openssl3.1.4
> 
> When I attempt:
> 
> make test
> 
> It attempts to load the openssl 1.1.1t library.
> 
> If I do:
> 
> export set OPENSSL_PREFIX=/usr
> 
> and add the following line to the Makefile.PL then
> OpenSSL::Crypt::Guess correctly finds openssl 1.1.1t and links to it:
> 
> $args{CCFLAGS} = openssl_lib_paths();
> 
> So, is there a way on FreeBSD to figure out which openssl version is
> the default?  Is there a method that you can think of that can solve
> the linking/run issue without requiring the OPENSSL_PREFIX to be set
> for Crypt::OpenSSL::Guess's benefit.
> 
> Any ideas are greatly appreciated.

If you are making a port then you should respect ssl=base/openssl111/whatever
user setting in /etc/make.conf in DEFAULT_VERSIONS, so check for it in port's Makefile:

.if ${SSL_DEFAULT} == openssl111
...
endif

If you want to provide packages for different openssl versions,
you may consider adding FLAVORS to the port:

FLAVORS=        base openssl111 openssl30
openssl111_PKGNAMESUFFIX=       -${FLAVOR}
openssl30_PKGNAMESUFFIX=        -${FLAVOR}

.include <bsd.port.options.mk>
.if ${SSL_DEFAULT} == openssl30
FLAVOR= openssl30
.endif

# For OpenSSL 3.0.x in base (14+) or installed as port/package
.if ${OSVERSION} >= 1400092 || ${FLAVOR:U} == openssl30
...
# For OpenSSL 1.1.x in base or installed as port/package
.else
...
.endif

This is just an example and you may want to support more openssl versions we have in ports.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?dc4451da-3740-a842-0b67-e8a47d4b9d85>