About protocols in openssl

Fri Feb 28 15:24:10 UTC 2020

On Fri, 28 Feb 2020 09:59:21 +0100 Willem Jan Withagen wjw at digiware.nl said

> On 28-2-2020 01:32, Marcin Cieslak wrote:
> > On Thu, 27 Feb 2020, Willem Jan Withagen wrote:
> >
> >>
> > /home/jenkins/workspace/ceph-master/src/pybind/mgr/.tox/py3/lib/python3.7/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so:
> > 
> >> Undefined symbol "SSLv3_client_method"
> >
> > This looks to me that you are trying to build ceph in the virtualenv 
> > which probably
> > pulls required python packages on its own.
> >
> > Can you make it to depend and use the existing 
> > security/py-cryptography port?
> >
> > I don't know how exactly the ceph port is supposed to work but it 
> > seems to
> > require virtualenv for its inner workings. You might want to force
> > virtual env to use FreeBSD-provided libraries with --system-site-packages
> > but AFAIK it will no longer download anything, i.e. all dependencies
> > need to packaged.
> >
> Interesting, since virtualenv/tox is used during testing with Continuous 
> Integration.
> And there is where I need the stuff, the port/package comes without the 
> testing stuff.
> People that want to develop stuff for Ceph really should use what is in 
> the Git repo.
> 
> > I have just ran "make test" in my ports tree to test py-cryptography
> > and got 1 error (TestECDSACertificate.test_load_ecdsa_no_named_curve)
> > but nothing related to SSLv3_client_method being not there.
> I guess that is because the ports one does not require SSLv3, and is not 
> complaining about missing it.
> Like you said, very likely virtualenv has pulled its own stuff, and that 
> will require SSLv3
> Which is no longer available by default  in openSSL in ports.
> 
> I'll try and see if I can get away with --system-site-packages, and 
> loading tons op packages.
I feel your pain. I was working on a port I maintain 2 days ago, where
configure *insisted* that SSL wasn't available. It was driving me mad.
As all the while I assumed that it was the way I had crafted the Makefile,
or that the ports system had recently changed something. As a result I
acquired a far more intimate knowledge regarding how SSL is used in ports(7).
Worst of it was; in the end, it turned out to be that configure was
searching for a symbol in the openssl library I was using, that had been
removed (renamed) between 1.1.1 && 1.1.1d. Sorry for the long preface.
But I mention it all because in doing it I'm pretty sure I know how you
can get away with what you're after (using the last version that allowed
what you need). I need to get in front of my builder box, and grab the
logs. So I can give you the magic incantation for your Makefile.
I'll probably get a lot of grief for saying all this. So I'll share
those details off list. So as not to give instructions on how to subvert
the ports system. ;)

HTH

--Chris

FreeBSD 14.0-FUTURE #0.000 cray256

> 
> --WjW
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"