From nobody Mon Nov 27 02:57:22 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Sdqy76cgGz52Mv5
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 27 Nov 2023 02:57:35 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Sdqy740pMz3KGr
	for <freebsd-hackers@freebsd.org>; Mon, 27 Nov 2023 02:57:35 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Authentication-Results: mx1.freebsd.org;
	none
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged))
	by hz.grosbein.net (8.17.1/8.17.1) with ESMTPS id 3AR2vPQB044991
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT);
	Mon, 27 Nov 2023 02:57:27 GMT
	(envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: timlegge@gmail.com
Received: from [10.58.0.11] (dadvw [10.58.0.11] (may be forged))
	by eg.sd.rdtc.ru (8.17.1/8.17.1) with ESMTPS id 3AR2vMft056039
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT);
	Mon, 27 Nov 2023 09:57:22 +0700 (+07)
	(envelope-from eugen@grosbein.net)
Subject: Re: OpenSSL 1.1.1t vs OpenSSL 3.1.4 linking on 13.2
To: Timothy Legge <timlegge@gmail.com>, freebsd-hackers@freebsd.org
References: <CALTFL3XyjatK2MtQz4cK2rpDCUHGgYXrze=vMdVrrCMXpH=Kcg@mail.gmail.com>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <dc4451da-3740-a842-0b67-e8a47d4b9d85@grosbein.net>
Date: Mon, 27 Nov 2023 09:57:22 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
In-Reply-To: <CALTFL3XyjatK2MtQz4cK2rpDCUHGgYXrze=vMdVrrCMXpH=Kcg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT
	autolearn=disabled version=3.4.6
X-Spam-Report: 
	* -0.0 SHORTCIRCUIT No description available.
	* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on hz.grosbein.net
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:2a01:4f8::/32, country:DE]
X-Rspamd-Queue-Id: 4Sdqy740pMz3KGr

27.11.2023 8:00, Timothy Legge wrote:

> I have been updating a Perl CPAN module for OpenSSL v3. and ran into
> an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
> installed.
> 
> So clean install and then install v3 via sudo pkg install openssl31
> 
> When I build Crtpt::OpenSSL::Blowfish (from
> https://github.com/perl-openssl/perl-Crypt-OpenSSL-Blowfish.git) with:
> 
> perl Makefile.PL
> make
> 
> It builds and links against openssl3.1.4
> 
> When I attempt:
> 
> make test
> 
> It attempts to load the openssl 1.1.1t library.
> 
> If I do:
> 
> export set OPENSSL_PREFIX=/usr
> 
> and add the following line to the Makefile.PL then
> OpenSSL::Crypt::Guess correctly finds openssl 1.1.1t and links to it:
> 
> $args{CCFLAGS} = openssl_lib_paths();
> 
> So, is there a way on FreeBSD to figure out which openssl version is
> the default?  Is there a method that you can think of that can solve
> the linking/run issue without requiring the OPENSSL_PREFIX to be set
> for Crypt::OpenSSL::Guess's benefit.
> 
> Any ideas are greatly appreciated.

If you are making a port then you should respect ssl=base/openssl111/whatever
user setting in /etc/make.conf in DEFAULT_VERSIONS, so check for it in port's Makefile:

.if ${SSL_DEFAULT} == openssl111
...
endif

If you want to provide packages for different openssl versions,
you may consider adding FLAVORS to the port:

FLAVORS=        base openssl111 openssl30
openssl111_PKGNAMESUFFIX=       -${FLAVOR}
openssl30_PKGNAMESUFFIX=        -${FLAVOR}

.include <bsd.port.options.mk>
.if ${SSL_DEFAULT} == openssl30
FLAVOR= openssl30
.endif

# For OpenSSL 3.0.x in base (14+) or installed as port/package
.if ${OSVERSION} >= 1400092 || ${FLAVOR:U} == openssl30
...
# For OpenSSL 1.1.x in base or installed as port/package
.else
...
.endif

This is just an example and you may want to support more openssl versions we have in ports.