Making a port to use OpenSSL of ports collection on FreeBSD 11.x

Michael Gmelin freebsd at
Wed May 5 19:08:34 UTC 2021

> On 5. May 2021, at 18:56, Stefan Esser <se at> wrote:
> Am 05.05.21 um 18:00 schrieb Yasuhiro Kimura:
>> You misunderstand my intention. What I would like to do is to make a
>> port use security/openssl instead of base OpenSSL even if user sets
>> 'DEFAULT_VERSIONS+=ssl=base' in /etc/make.conf (or user doesn't
>> customize setting about ssl at all).

Stefan‘s suggestion is AFAIK the best we can do.

mail/opensmtpd has an example of that, but it still requires the user to actively select the OpenSSL library (mixing OpenSSL libraries in a package set is problematic).


> You can mark the port as broken if the user has selected "base" and
> this is incompatible with the port's requirements. E.g.:
> .include <>
> .if ${SSL_DEFAULT} == base
> BROKEN_FreeBSD_11=      OpenSSL 1.1 required
> .endif
> .include <>
> You can of course add a better message, and the user can decide to
> try the compilation again after changing the default. But this will
> of course prevent the building of official packages for FreeBSD-11.
>> As I wrote previous mail, if 'USES=python:3.8+' is specified in
>> Makefile of a port, lang/python38 is used for the port event if user
>> adds 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf. I'm looking for
>> similar way about ssl setting.
> You could add a dependency on the openssl port and make sure, that
> the port's include file and library is used in preference of the
> base version on FreeBSD-11.
> But you have to consider the risk of mixing references to the base and
> the ports version in one binary (e.g. other libraries are linked in that
> had been built against the base version).
> Regards, STefan

More information about the freebsd-ports mailing list