LibreSSL infects ports, causes problems

Christian Weisgerber naddy at
Thu Apr 9 15:53:51 UTC 2015

Baptiste Daroussin:

> Some how you have mixed up things between base openssl and libressl, when
> starting to activate libressl if you are using ports only you have to be extra
> careful, (same goes with ncurses or ports openssl) just installing those ports
> is enough to "pollute" nearly anything you build after with a dependency on it
> (well anything that does link to libssl, libcrypto)

Well, yes, that's what I said.  It's a bug.

> If it very complicated and
> error prone to cherry pick "only take base openssl here, only ports openssl
> there" the only "safe" way to solve this situation and being consistent is to
> always skip the version from base and enforce the version for ports. (the
> otherway around is impossible - very complicated)

And the addition of LibreSSL as a not-quite-equivalent alternative
to ports OpenSSL makes this even more complicated.  You can expect
things coming out of OpenBSD (like new versions of net/openntpd)
to require LibreSSL, because it includes a new library libtls that
doesn't exist in OpenSSL.  In the meantime, LibreSSL has removed
some of the more horrific APIs of OpenSSL, which means some ports
will not build against LibreSSL as is.  Like python27.  Fixes for
these problems can be picked from the OpenBSD ports tree, if we
want to.

It's kind of hard to fix such problems if there is no clear policy
how things are supposed to work in the first place.

Christian "naddy" Weisgerber                          naddy at

More information about the freebsd-ports mailing list