From owner-freebsd-current@freebsd.org Sat Oct 13 18:11:38 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6D93E10D1BB0 for ; Sat, 13 Oct 2018 18:11:38 +0000 (UTC) (envelope-from deischen@freebsd.org) Received: from mail.netplex.net (mail.netplex.net [204.213.176.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.netplex.net", Issuer "RapidSSL RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CABC984C49; Sat, 13 Oct 2018 18:11:37 +0000 (UTC) (envelope-from deischen@freebsd.org) Received: from [10.0.0.66] (ip-414b102e.ct.fixed.ntplx.com [65.75.16.46]) (authenticated bits=0) by mail.netplex.net (8.15.1/8.15.1/NETPLEX) with ESMTPSA id w9DI2cYd047789 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 13 Oct 2018 14:02:39 -0400 X-Virus-Scanned: by AMaViS and Clam AntiVirus (mail.netplex.net) X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (mail.netplex.net [204.213.176.9]); Sat, 13 Oct 2018 14:02:39 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: OpenSSL 1.1.1 libssl.so version number From: Daniel Eischen X-Mailer: iPhone Mail (16A405) In-Reply-To: <201810130258.w9D2wbIh042892@slippy.cwsent.com> Date: Sat, 13 Oct 2018 14:02:37 -0400 Cc: Don Lewis , FreeBSD current , re@FreeBSD.org Content-Transfer-Encoding: quoted-printable Message-Id: <0F7EB379-8C52-478A-AA5A-AC4257E5B70A@freebsd.org> References: <201810130258.w9D2wbIh042892@slippy.cwsent.com> To: Cy Schubert X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Oct 2018 18:11:38 -0000 > On Oct 12, 2018, at 10:58 PM, Cy Schubert wrot= e: >=20 > In message , Don Lewis writes: >> Prior to the OpenSSL 1.1.1 import, the base OpenSSL library was >> /usr/lib/libssl.so.8. The security/openssl port (1.0.2p) installed >> ${LOCALBASE}/lib/ilbssl.so.9 and the security/openssl-devel port >> (1.1.0i) installed ${LOCALBASE}/lib/libssl.so.11. After the import, the >> base OpenSSL library is /usr/lib/libssl.so.9. Now if you build ports >> with DEFAULT_VERSIONS+=3Dssl=3Dopenssl, the library that actually gets us= ed >> is ambiguous because there are now two different versions of libssl.so >> (1.0.2p and 1.1.1) with the same shared library version number. >>=20 >> I stumbled across this when debugging a virtualbox-ose configure >> failure. The test executable was linked to the ports version of >> libssl.so but rtld chose the base libssl.so at run time. >=20 > This is also the issue with ports-mgmt/pkg on a system that still=20 > requires OpenSSL 1.0.2 from ports in order to support an old client. >=20 > cwfw# pkg info > ld-elf.so.1: /usr/local/lib/libcrypto.so.9: version OPENSSL_1_1_0=20 > required by /usr/local/lib/libpkg.so.4 not defined > cwfw#=20 >=20 > If I remove security/openssl, the above issue is resolved however the=20 > old client, which should be replaced next year, fails to communicate=20 > with the server. The classic rock & a hard place scenario. Not saying this is a real solution for the general problem, but can you use a= libmap.conf entry to work around this? -- DE=