openssl 0.9.8 breaking things
Mark Edwards
mark at antsclimbtree.com
Thu Sep 29 02:05:50 PDT 2005
On Sep 28, 2005, at 7:26 PM, Gary Kline wrote:
> On Wed, Sep 28, 2005 at 06:48:03PM +0200, Daniel Gerzo wrote:
>
>> Hello Mark,
>>
>> Wednesday, September 28, 2005, 6:41:47 PM, you contributed this to
>> our collective wisdom:
>>
>>> Just upgraded to openssl 0.9.8 and things are breaking, namely
>>> exim and
>>> cyrus-imap. Non-SSL connections work, SSL connections cause a
>>> segfault.
>>>
>>
>>> I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is
>>> there
>>> some way to make this work with 0.9.8? Have I totally missed
>>> something
>>> here?
>>>
>>
>> you need to recompile your software (exim,cyrus-imap,...) against new
>> openssl libs.
>
> I'll toss in my two cents here just FWIW. I had troubles
> with all sorts of sh* (stuff) breaking when I touched openssl.
>
> I had not---or maybe I did, inadvertently--used the openssl
> "port". I *had* to use /usr/src/secure/openssl/<<whatever>>;
> when applications began breaking. I pkg_deleted openssl
> and rebuilt the native /usr/src/* stuff. These apps are
> tightly interdependent; that's why you are seeing things
> break.
>
> This may or may not work generally. It cost me at least
> a day's investigation ... and I'm *still* not sure that
> everything's right.
I think I have a clue as to why this is becoming complicated. I
didn't have either WITH_OPENSSL_BASE=yes or WITH_OPENSSL_PORT=yes in /
etc/make.conf. What must be happening is that some things are using
the base openssl, and some are using the port, which is causing a
conflict. That's my guess. For whatever reason, the 0.9.7g port
doesn't cause a conflict, whereas 0.9.8 does.
I don't really see the point of having the openssl port installed, in
my case. Its only installed because some port wanted it and built
it, and I didn't have WITH_OPENSSL_BASE=yes set. So, I'm now going
to set WITH_OPENSSL_BASE=yes, remove the openssl port, and rebuild
everything that depended upon the openssl port.
Can anyone either refute any of the above guesses, or tell me why I
am a fool to go with the base openssl rather than the port?
Thanks!
--
Mark Edwards
mark at antsclimbtree.com
cell: +46704070332
More information about the freebsd-questions
mailing list