lighttpd does not pull OpenSSL dependency

David Demelier demelier.david at
Thu Oct 27 12:49:12 UTC 2016

2016-10-27 11:00 GMT+02:00 Mathieu Arnold <mat at>:
> Before changing the default, though, I need to change the way GSSAPI is
> handled, and create a DEFAULT_VERSIONS+=gssapi=<base,mit,heimdal,...>
> and change all the ports with the USES=gssapi that gives options to the
> users.
> But I don't use all of that, so I need help figuring out which should be
> the default afterwards (it can't be base, because you can't mix base
> heimdal with non base openssl)

I've just tested my lighttpd package into a fresh jail, it has not
installed openssl and the lighttpd binary was using /usr/lib/libssl
from base instead.

There is indeed something wrong then, because if I install openssl,
lighttpd will use one from /usr/local/lib which is terrible as we have
no guarantee about openssl ABI compatibility.

I don't know much linker options, but it is possible to make absolute
shared library dependency ? Like -l/usr/lib/ instead of
-lssl. Will this force lighttpd to use openssl from base?

That's what I dislike in having some software in base and also in
ports. We need to figure out that. Or the best is to avoid having too
much software in base. For example, it's nice to have ssh in base, but
I have no problem if we need to install it in the next years. This
will also have the benefits of more recent versions.

By the way, for what openssl is needed in base?


Demelier David

More information about the freebsd-ports mailing list