Dependency problem with ports OpenSSL and apache24

From: Christian Ullrich <>
Date: Thu, 10 Feb 2022 13:04:23 UTC

I just went down a dependency rathole trying to get Apache 2.4 to 
correctly build with ports OpenSSL. The symptom I was trying to fix was 
that Apache, both in error.log on startup and in the Server header, 
reported itself as using OpenSSL 1.1.1k-freebsd, i.e. base OpenSSL on 

ldd also reports a dependency on in /usr/local/sbin/httpd.

Interestingly, mod_ssl from the same package says it is using OpenSSL 
1.1.1m, which is the current version of the security/openssl port.

My DEFAULT_VERSIONS includes bdb=18 and ssl=openssl.

Eventually I figured out that this was because I have devel/apr1 
configured with BDB=on and databases/db18 has an unconditional USES=ssl 
and does not correctly follow ssl=openssl. Instead it always uses 
OpenSSL from base.

The fix I came up with is to patch databases/db18 by adding an SSL 
option and SSL_CONFIGURE_WITH=repmgr-ssl=yes. When configured with 
SSL=off, OpenSSL is not used anymore. This keeps the library out of 
libaprutil and therefore out of httpd.

Does this look like something I should submit as a patch, or am I on the 
wrong track? Fixing databases/db18 to get its OpenSSL selection right is 
also a good idea, of course, but I could not get it working.

Thanks for any help.

Christian Ullrich