openssl 0.9.8 breaking things

Mark Edwards mark at antsclimbtree.com
Thu Sep 29 02:05:50 PDT 2005


On Sep 28, 2005, at 7:26 PM, Gary Kline wrote:

> On Wed, Sep 28, 2005 at 06:48:03PM +0200, Daniel Gerzo wrote:
>
>> Hello Mark,
>>
>> Wednesday, September 28, 2005, 6:41:47 PM, you contributed this to  
>> our collective wisdom:
>>
>>> Just upgraded to openssl 0.9.8 and things are breaking, namely  
>>> exim and
>>> cyrus-imap.  Non-SSL connections work, SSL connections cause a  
>>> segfault.
>>>
>>
>>> I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is  
>>> there
>>> some way to make this work with 0.9.8?  Have I totally missed  
>>> something
>>> here?
>>>
>>
>> you need to recompile your software (exim,cyrus-imap,...) against new
>> openssl libs.
>
>     I'll toss in my two cents here just FWIW.  I had troubles
>     with all sorts of sh* (stuff) breaking when I touched openssl.
>
>     I had not---or maybe I did, inadvertently--used the openssl
>     "port".  I *had* to use /usr/src/secure/openssl/<<whatever>>;
>     when applications began breaking.  I pkg_deleted openssl
>     and rebuilt the native /usr/src/* stuff.  These apps are
>     tightly interdependent; that's why you are seeing things
>     break.
>
>     This may or may not work generally.  It cost me at least
>     a day's investigation ... and I'm  *still* not sure that
>     everything's right.

I think I have a clue as to why this is becoming complicated.  I  
didn't have either WITH_OPENSSL_BASE=yes or WITH_OPENSSL_PORT=yes in / 
etc/make.conf.  What must be happening is that some things are using  
the base openssl, and some are using the port, which is causing a  
conflict.  That's my guess.  For whatever reason, the 0.9.7g port  
doesn't cause a conflict, whereas 0.9.8 does.

I don't really see the point of having the openssl port installed, in  
my case.  Its only installed because some port wanted it and built  
it, and I didn't have WITH_OPENSSL_BASE=yes set.  So, I'm now going  
to set WITH_OPENSSL_BASE=yes, remove the openssl port, and rebuild  
everything that depended upon the openssl port.

Can anyone either refute any of the above guesses, or tell me why I  
am a fool to go with the base  openssl rather than the port?

Thanks!

--
Mark Edwards
mark at antsclimbtree.com
cell: +46704070332




More information about the freebsd-questions mailing list