Re: FreeBSD Port: openssl35-3.5.2

From: Bernard Spil <brnrd_at_freebsd.org>
Date: Thu, 21 Aug 2025 07:07:51 UTC
On 2025-08-21 06:53, Bernard Spil wrote:
> On 2025-08-21 01:12, J. Terhune wrote:
>> Are there any plans for getting an updated patch for OpenSSL 3.5 to 
>> support KTLS in the near future?
>> 
>> 
>> Jim Terhune
>> Right Connection Inc
> 
> Hi Jim,
> 
> I've relied on jhb@ to provide the KTLS patch.
> 
> The main and soon-to-be stable/15 branch have OpenSSL 3.5, presumably 
> with KTLS support.
> 
> I need to check, but wasn't KTLS for FreeBSD upstreamed to OpenSSL, so 
> I could just enable the knob?!

FreeBSD KTLS was upstreamed, disabled by default in Configure.
Patched the port, seems to work OK.
Can you test and let me know if this works for you?

diff --git a/security/openssl35/Makefile b/security/openssl35/Makefile
index a415ba0b9bb..21e66e66542 100644
--- a/security/openssl35/Makefile
+++ b/security/openssl35/Makefile
@@ -40,10 +40,9 @@ OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG QUIC SCTP SSL3 
TLS1 TLS1_1 TLS1_2

  OPTIONS_DEFINE=	ASYNC CT FIPS-JITTER KTLS MAN3 RFC3779 SHARED

-OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST MAN3 MD4 ML-DSA ML-KEM 
NEXTPROTONEG \
+OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 ML-DSA 
ML-KEM NEXTPROTONEG \
  		QUIC RFC3779 RC2 RC4 RMD160 SCTP SHARED SLH-DSA SSE2 \
  		THREADPOOL THREADS TLS1 TLS1_1 TLS1_2
-#OPTIONS_DEFAULT+=	KTLS pending updated KTLS patch

  OPTIONS_GROUP_OPTIMIZE_amd64=	EC

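Review bot: Adding KTLS to the OPTIONS_DEFAULT line changes what the default package is built with, but this hunk shows no PORTREVISION bump, so existing installs would not be rebuilt with the new default. Bump PORTREVISION in the same commit. Since the only testing stated so far is "seems to work OK", consider waiting for the requested confirmation before flipping the default, leaving KTLS as an opt-in entry in OPTIONS_DEFINE until then.
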
@@ -130,8 +129,6 @@ I386_CONFIGURE_ON=	386
  FIPS-JITTER_CFLAGS=	-I${PREFIX}/include
  FIPS-JITTER_LDFLAGS=	-L${PREFIX}/lib
  
FIPS-JITTER_BUILD_DEPENDS=	${LOCALBASE}/lib/libjitterentropy.a:devel/libjitterentropy
-KTLS_BROKEN=		Pending updated KTLS patch
-KTLS_EXTRA_PATCHES=	${FILESDIR}/extra-patch-ktls
  LEGACY_VARS=		shlibs+=lib/ossl-modules/legacy.so
  MAN3_EXTRA_PATCHES_OFF=	${FILESDIR}/extra-patch-util_find-doc-nits
  SHARED_MAKE_ENV=	SHLIBVER=${OPENSSL_SHLIBVER}
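
Review bot: With KTLS_BROKEN and KTLS_EXTRA_PATCHES removed, nothing in this hunk shows the KTLS option actually switching the feature on, and the message says it is disabled by default in Configure. Confirm that the option maps to a Configure argument such as enable-ktls elsewhere in the Makefile, otherwise selecting KTLS becomes a no-op. The diff also touches only the Makefile, so ${FILESDIR}/extra-patch-ktls is left behind unreferenced and should be deleted in the same commit.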