upgrade now have two openssl versions
Matthew Seaman
matthew at FreeBSD.org
Thu Feb 8 15:09:38 UTC 2018
On 08/02/2018 14:40, David Mehler wrote:
> I just upgraded a 10.3 server to 11.1. I've now got two openssl
> versions the one in base which openssl version reports as openssl
> 1.0.2k, and an installed port which pkg info reports as 1.0.2n. How do
> I get openssl and the system to use and to link against the newer
> version?
>
If you are using the pre-compiled pkgs from the FreeBSD project, then
you can't. Those packages will always use the default openssl, which
for 11.1 is still the base version of openssl.
If you are compiling your own packages either via poudriere or
otherwise, then you can use the DEFAULT_VERSIONS variable in make.conf:
DEFAULT_VERSIONS+= ssl=openssl
That will cause all of the ports to be linked against the
security/openssl port. There are some complications if you're using
GSSAPI or Kerberos, where there are other blocks of code that can come
from either base and ports and you need to make sure everything is
consistent -- ie. either use all ports, or use all base. Note that
switching between ports and base openssl support benefits greatly from
clean-room build methods (eg. poudriere): the simple presence of the
ports version of openssl on your build system will prevent you from
compiling against the base system version of openssl.
See /usr/ports/Mk/bsd.default-versions.mk and /usr/ports/Mk/Uses/ssl.mk
for all the gory details.
Cheers,
Matthew
More information about the freebsd-questions
mailing list