[Bug 192511] [patch] fix lang/python27 build with libressl

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192511

--- Comment #2 from meyer.arne83 at gmail.com ---
(In reply to Marcus von Appen from comment #1)
> Root problem:
> As soon as libressl is installed via ports, lang/pythonXX and other ports
> will try to pick it up, most likely due to the include and linker flags
> order. This is problematic in two regards:
> 
> * lang/python27 does not have an explicit BUILD/RUN_DEPENDS on libressl,
> since libressl is not officially supported by upstream (yet)
> * libressl is API and ABI incompatible with OpenSSL, so depending on the
> system status (libressl installed or not), python will take the one or other.
> 
> I do not like the patch, since it would disable the function for both,
> OpenSSL and libressl and thus effectively change the behaviour of
> lang/pythonXX.
Does RAND_egd even work on FreeBSD? 
I also tried to preserve the python ssl api by having PySSL_RAND_egd just
return an error. So I don't think it's behaviour has changed. Might have missed
something, tho.
> We need to get two things right:
> 
> * handle OpenSSL support correctly and explicitly use OpenSSL, so that an
> installed SSL replacement does not cause a wrong and unintended behaviour
> * offer users to link against libressl explicitly (via an OPTION), which can
> cause different behaviour.
How about this:
* Add smt. like WITH_OPENSSL_LIBRE and some logic to bsd.openssl.mk
* Have the libressl port fail to build without that flag set.
* Add a static library or c file with dummy functions(RAND_egd, ...) to
libressl.

-- 
You are receiving this mail because:
You are the assignee for the bug.