The chicken and the OpenSSL
Kill the Penguin
admin at forkthepenguin.com
Tue Apr 15 17:43:52 PDT 2003
> >>> cd /usr/ports/security/openssl && make -DOPENSSL_OVERWRITE_BASE
> >>> install
> >> I have the same situation, but have already installed apache13-modssl
> >> from ports which loads up openssl-0.9.7a okay when starting
> >> Apache+mod_ssl. What whould be the effect of running Jim's "overwite"
> >> of the old base openssl now at this stage to get down to the one
> >> version...? Do I need to start over....??
Eck, and the problems start. OK, I did a "make -DOPENSSL_OVERWRITE_BASE
install" of OpenSSL which was successful. I then attempted to build
apache13-modssl, unfortunately it ignores the fact that the correct
version of OpenSSL is already installed and tries to install it in
/usr/local. This is probably due to the fact it doesn't see
"openssl-0.9.7a_2" in /var/db/pkg. When you overwrite the base install of
OpenSSL, the package is registered as "openssl-overwrite-base-0.9.7a_2".
OK, let's trick make in the apache13-modssl directory to overwrite the
base install of OpenSSL even though we just did.
devil# make -DOPENSSL_OVERWRITE_BASE install
===> apache+mod_ssl-1.3.27+2.8.14 depends on shared library: mm.12 -
===> apache+mod_ssl-1.3.27+2.8.14 depends on shared library: crypto.3 -
===> Verifying install for crypto.3 in /usr/ports/security/openssl
===> Returning to build of apache+mod_ssl-1.3.27+2.8.14
Error: shared library "crypto.3" does not exist
*** Error code 1
Stop in /usr/ports/www/apache13-modssl.
Well this isn't good. OK, Let's let Apache have it the way it seems to
want it. It installs "openssl-0.9.7a_2" in /usr/local, but look at this :
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
I didn't see this before (when overwriting the base install)... OK, lets
see where libcrypto.so.3 was installed...
devil# locate libcrypto.so.3
Okey Dokey then. How come libcrypto.so.3 is included when you install into
/usr/local, but not when you overwrite the base install?
Maintainers? Can you shed some light on this?
More information about the freebsd-ports