Re: OpenSSL 1.1.1t vs OpenSSL 3.1.4 linking on 13.2
- In reply to: Eugene Grosbein : "Re: OpenSSL 1.1.1t vs OpenSSL 3.1.4 linking on 13.2"
Date: Mon, 27 Nov 2023 16:16:36 UTC
> On Nov 26, 2023, at 20:15, Eugene Grosbein <eugen@grosbein.net> wrote:
>
> 27.11.2023 8:00, Timothy Legge wrote:
>
>> I have been updating a Perl CPAN module for OpenSSL v3 and ran into
>> an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
>> installed.
>>
>> So clean install and then install v3 via sudo pkg install openssl31
>>
>> When I build Crypt::OpenSSL::Blowfish (from
>> https://github.com/perl-openssl/perl-Crypt-OpenSSL-Blowfish.git) with:
>>
>> perl Makefile.PL
>> make
>>
>> It builds and links against openssl3.1.4
>>
>> When I attempt:
>>
>> make test
>>
>> It attempts to load the openssl 1.1.1t library.
>>
>> If I do:
>>
>> export set OPENSSL_PREFIX=/usr
>>
>> and add the following line to the Makefile.PL then
>> OpenSSL::Crypt::Guess correctly finds openssl 1.1.1t and links to it:
>>
>> $args{CCFLAGS} = openssl_lib_paths();
>>
>> So, is there a way on FreeBSD to figure out which openssl version is
>> the default? Is there a method that you can think of that can solve
>> the linking/run issue without requiring the OPENSSL_PREFIX to be set
>> for Crypt::OpenSSL::Guess's benefit.
>>
>> Any ideas are greatly appreciated.
>
> If you are making a port then you should respect ssl=base/openssl111/whatever
> user setting in /etc/make.conf in DEFAULT_VERSIONS, so check for it in port's Makefile:
>
> .if ${SSL_DEFAULT} == openssl111
> ...
> .endif
>
> If you want to provide packages for different openssl versions,
> you may consider adding FLAVORS to the port:
>
> FLAVORS= base openssl111 openssl30
> openssl111_PKGNAMESUFFIX= -${FLAVOR}
> openssl30_PKGNAMESUFFIX= -${FLAVOR}
>
> .include <bsd.port.options.mk>
> .if ${SSL_DEFAULT} == openssl30
> FLAVOR= openssl30
> .endif
>
> # For OpenSSL 3.0.x in base (14+) or installed as port/package
> .if ${OSVERSION} >= 1400092 || ${FLAVOR:U} == openssl30
> ...
> # For OpenSSL 1.1.x in base or installed as port/package
> .else
> ...
> .endif
>
> This is just an example and you may want to support more openssl versions we have in ports.

I honestly think FLAVORS OpenSSL support should be added to ports. It would make some things considerably easier for self-standing apps (it would still be largely impossible if/when base system libraries like kerberos5 are linked in, though).

Cheers,
-Enji
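
A check for the mismatch described in the quoted report (built against one OpenSSL, a different one loaded at test time), as an added example that is not part of the original thread or of either project: it reads `ldd` output and flags any libssl/libcrypto that the runtime linker resolves outside the directories you expect. The function name, the sample `ldd` lines (sonames and addresses are constructed) and the assumed layout (base libraries under /lib and /usr/lib, packages under /usr/local/lib) are assumptions.

```shell
#!/bin/sh
# Added example. Constructed ldd output for an XS module resolved to the
# base-system OpenSSL ("NN" stands in for the real soname version).
SAMPLE_BASE='Blowfish.so:
    libcrypto.so.NN => /lib/libcrypto.so.NN (0x800000000)
    libc.so.7 => /lib/libc.so.7 (0x800200000)'

# Constructed ldd output for the same module resolved to a packaged OpenSSL.
SAMPLE_PORTS='Blowfish.so:
    libcrypto.so.NN => /usr/local/lib/libcrypto.so.NN (0x800000000)
    libc.so.7 => /lib/libc.so.7 (0x800200000)'

# check_ssl_link DIR...
# Reads ldd output on stdin. Prints one line per libssl/libcrypto entry and
# returns 0 if every one resolves under an allowed DIR, 1 if any does not,
# 2 if the object does not depend on libssl/libcrypto at all.
check_ssl_link() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, dirs, " ") }
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            seen = 1
            ok = 0
            # The resolved path must start with one of the allowed directories.
            for (i = 1; i <= n; i++)
                if (index($3, dirs[i]) == 1) ok = 1
            status = ok ? "OK" : "MISMATCH"
            print status, $1, $3
            if (!ok) bad = 1
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Typical use after "make", before "make test" (path is a placeholder):
#   ldd path/to/built/module.so | check_ssl_link /usr/local/lib/
# For a build that is meant to use the base OpenSSL:
#   ldd path/to/built/module.so | check_ssl_link /lib/ /usr/lib/
```

Trailing slashes on the directories matter: `/usr/lib/` does not match a path under `/usr/local/lib/`, so the two installations cannot be confused by a prefix match.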