lighttpd does not pull OpenSSL dependency

Franco Fichtner franco at
Thu Oct 27 09:17:41 UTC 2016

> On 27 Oct 2016, at 11:00 AM, Mathieu Arnold <mat at> wrote:
> Le 26/10/2016 à 15:44, David Demelier a écrit :
>> 2016-10-26 10:46 GMT+02:00 Mathieu Arnold <mat at>:
>>> Le 26/10/2016 à 00:14, Don Lewis a écrit :
>>>> Then the question is, if DEFAULT_VERSIONS+=ssl=openssl is not in
>>>> make.conf, then why is OpeSSL from ports installed?  Nothing should
>>>> be depending on it.
>>> Well, the problem is that many ports have WITH_OPENSSL_PORT defined, so,
>>> something could have brought it along. I have a git branch changing it
>>> to WANT_OPENSSL_PORT that will mark the port IGNOREd if using base
>>> OpenSSL, I should commit it one day.
>>> Also, I'll change the default for ports from base to openssl, one day.
>> I can help if needed.
> But I don't use all of that, so I need help figuring out which should be
> the default afterwards (it can't be base, because you can't mix base
> heimdal with non base openssl)

Having stripped Kerberos from base for our 11.0 builds makes for a
nice test bed in places where GSSAPI is not yet in a port, but actually
required, leading to quick build errors.

gssapi:heimdal is the closes thing to base as far as we could see, and
we've rolled out several OPNsense releases with both OpenSSL and Heimdal
from ports that work nicely with external AD servers.


More information about the freebsd-ports mailing list