OpenSSL Base vs. OpenSSL Port?
Drew Tomlinson
drew at mykitchentable.net
Tue Jun 16 23:04:33 UTC 2009
I had been running 6.2 with openssl base for quite a while. Then I
attempted to implement the dkim-filter port which required using openssl
to generate keys. That's when I noticed that openssl is broken on my
machine. See this example:
# openssl genrsa -out rsa.private 1024
Error configuring OpenSSL
28086:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd
name:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_ctrl.c:318:
28086:error:0E07406D:configuration file
routines:CONF_modules_load:module initialization
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:234:module=engines,
value=openssl_engines, retcode=-1
So I thought rebuilding world might fix it and while I was at it, I
upgraded to 6.4 but still have the same problem.
Next I tried installing openssl from ports. This openssl seems to work:
# /usr/local/bin/openssl genrsa -out rsa.private 1024
Generating RSA private key, 1024 bit long modulus
..............................................................++++++
..............++++++
e is 65537 (0x10001)
But now I am unclear as to what state my system is in. What is the
preferred method for using openssl from ports vs. using openssl base. I
don't really care which I use but want to avoid trouble with multiple
versions of openssl and/or ports compiled against the wrong version.
I've been Googling all day but can not find a clear guide.
Specifically, what should I have in my /etc/make.conf and what
portupgrade command should I use to ensure things are build against the
correct openssl? I've seen things like OPENSSL_OVERWRITE_BASE=yes,
NO_OPENSSL=yes, WITH_OPENSSL_PORT=yes, WITH_OPENSSL_BETA=yes, and
portupgrade -rf openssl but remain confused.
Thanks,
Drew
--
Be a Great Magician!
Visit The Alchemist's Warehouse
http://www.alchemistswarehouse.com
More information about the freebsd-questions
mailing list