Re: State of LibreSSL in FreeBSD ports

From: Felix Palmen <felix_at_palmen-it.de>
Date: Tue, 05 Oct 2021 06:38:49 UTC
* Mathieu Arnold <mat@freebsd.org> [20211004 20:20]:
> On Sun, Oct 03, 2021 at 04:16:54PM +0200, Felix Palmen wrote:
> > Is LibreSSL in FreeBSD ports
> > 
> > * supported, so ports should build with it if at all possible?
> > * supported on a "best effort" basis, so setting a port BROKEN is
> >   acceptable if maintaining (working) patches would be too much hassle?
> > * NOT supported at all, so random build failures with LibreSSL are fine?
> 
> I'd say the third option, the only *SSL variant that is guaranteed to
> work is using the base system OpenSSL, using anything else is bound to
> hurt and segfault at one point or the other.

If that would be consensus, I think it would be better to remove the
option altogether. What's the point of having a totally unsupported and
experimental option in ports anyways?

Fortunately, my experience is different. Most port maintainers
acknowledge a problem with LibreSSL (that isn't already noted in an
IGNORE/BROKEN) is a bug. And I've never seen a segfault caused by using
LibreSSL in several years of using it with FreeBSD ports.

> This is because your software will be linking with one library from
> the base system that brings OpenSSL, and some other library that links
> with ports OpenSSL or LibreSSL, and the software calls one function that
> is in both.

I could think of kerberos here (which I don't use from base either). Do
you have any other examples?

-- 
 Dipl.-Inform. Felix Palmen  <felix@palmen-it.de>   ,.//..........
 {web}  http://palmen-it.de  {jabber} [see email]   ,//palmen-it.de
 {pgp public key}     http://palmen-it.de/pub.txt   //   """""""""""
 {pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A