Re: OpenSSL 1.1.1t vs OpenSSL 3.1.4 linking on 13.2

From: Eugene Grosbein <eugen_at_grosbein.net>
Date: Mon, 27 Nov 2023 02:57:22 UTC
27.11.2023 8:00, Timothy Legge wrote:

> I have been updating a Perl CPAN module for OpenSSL v3. and ran into
> an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
> installed.
> 
> So clean install and then install v3 via sudo pkg install openssl31
> 
> When I build Crtpt::OpenSSL::Blowfish (from
> https://github.com/perl-openssl/perl-Crypt-OpenSSL-Blowfish.git) with:
> 
> perl Makefile.PL
> make
> 
> It builds and links against openssl3.1.4
> 
> When I attempt:
> 
> make test
> 
> It attempts to load the openssl 1.1.1t library.
> 
> If I do:
> 
> export set OPENSSL_PREFIX=/usr
> 
> and add the following line to the Makefile.PL then
> OpenSSL::Crypt::Guess correctly finds openssl 1.1.1t and links to it:
> 
> $args{CCFLAGS} = openssl_lib_paths();
> 
> So, is there a way on FreeBSD to figure out which openssl version is
> the default?  Is there a method that you can think of that can solve
> the linking/run issue without requiring the OPENSSL_PREFIX to be set
> for Crypt::OpenSSL::Guess's benefit.
> 
> Any ideas are greatly appreciated.

If you are making a port then you should respect ssl=base/openssl111/whatever
user setting in /etc/make.conf in DEFAULT_VERSIONS, so check for it in port's Makefile:

.if ${SSL_DEFAULT} == openssl111
...
endif

If you want to provide packages for different openssl versions,
you may consider adding FLAVORS to the port:

FLAVORS=        base openssl111 openssl30
openssl111_PKGNAMESUFFIX=       -${FLAVOR}
openssl30_PKGNAMESUFFIX=        -${FLAVOR}

.include <bsd.port.options.mk>
.if ${SSL_DEFAULT} == openssl30
FLAVOR= openssl30
.endif

# For OpenSSL 3.0.x in base (14+) or installed as port/package
.if ${OSVERSION} >= 1400092 || ${FLAVOR:U} == openssl30
...
# For OpenSSL 1.1.x in base or installed as port/package
.else
...
.endif

This is just an example and you may want to support more openssl versions we have in ports.