The chicken and the OpenSSL

Kill the Penguin admin at
Tue Apr 15 16:44:00 PDT 2003

Answer was :

> >>> cd /usr/ports/security/openssl && make -DOPENSSL_OVERWRITE_BASE
> >>> install

Thanks by the way. I've got a staging server I'm testing with so I'll let
you know what happens.

> >> I have the same situation, but have already installed apache13-modssl
> >> from ports which loads up openssl-0.9.7a okay when starting
> >> Apache+mod_ssl. What whould be the effect of running Jim's "overwite"
> >> of the old base openssl now at this stage to get down to the one
> >> version...? Do I need to start over....??
> >
> >Good question.  I'm not really sure :-)  Your best bet is to probably
> >try it out on a non-production box if you have one and see what
> >happens.  At the very worst, you may have to rebuild mod_ssl after
> >installing the OpenSSL port, but apache shouldn't have to be touched.

Apache and ModSSL are typically done together. ModSSL is going to use the
ports version of OpenSSL unless it finds the correct version in the base
system. I suspect you'll need to do a "make deinstall" in the
apache13-modssl directory, and then make install again. In theory that
will now use the base install of OpenSSL. I'll try it in a few and I'll
let you know if it fails.

> But, the more I thought about it, by tracking RELENG_4_7, another problem
> jumps up because until and unless the base system is updated with
> openssl-0.9.7a, each update of the OS will put back the old version of
> openssl, unless there is a line that can be placed in make.conf to avoid
> that...??

There is, and this has been a problem since upgrades always want to use
the base install even though a newer version is installed in /usr/local.


More information about the freebsd-questions mailing list