security/libressl: Add the possibility to build only libtls

David Wahlund david at dafnet.se
Mon Aug 21 15:30:33 UTC 2017



On 2017-08-21 16:55, Mathieu Arnold wrote:
> On 21/08/2017 at 12:03, Franco Fichtner wrote:
>>> On 21. Aug 2017, at 11:59 AM, David Wahlund <david at dafnet.se> wrote:
>>>
>>> I'd like to use the libtls library of LibreSSL on FreeBSD. Or the python bindings to libtls specifically. I do NOT however want to replace openssl or use the libssl library.
>>>
>>> From what I understand it would be possible in practice as I assume it's only libssl that overwrites files used by openssl.
>>>
>>> Would it be possible to create an option in LibreSSL, or preferably make a separate port, for libtls only? That way future ports can depend on libtls only. For example a future python-libtls port could depend on that.
>>
>> Unless you build your own packages with OpenSSL from ports
>> you can just install LibreSSL and use it in your programs...
>>
>> # pkg install libressl
>>
>> OpenSSL lives in the base system, LibreSSL will be an optional
>> install under /usr/local.
>
>
> That is not quite true. As soon as you install openssl, openssl-devel,
> or libressl or libressl-devel, the ports framework will use it whenever
> you build something that needs SSL from the ports tree.
>
>
> If you truly want to have libressl but do not want to use it for
> building ports, you will need to install it in a separate PREFIX.
>
>

Well the problem is that libressl is TWO libraries (actually three but 
nm). One that replaces openssl (libssl) and one that doesn't (libtls). 
However the libtls has shared dependencies with libssl. I DO want to use 
libtls for ports that have that dependency, but NOT use it to replace 
openssl. Libtls CAN be a separate dependency in parallel to openssl from 
what I understand. But now the libressl port conflicts with the openssl 
port even though parts of it are not in conflict and I don't think the 
shared parts between libssl and libtls are in conflict with openssl. But 
I might be wrong. So what I'm looking for is a way to use libtls but NOT 
use libssl.

