Matthew Seaman matthew at FreeBSD.org
Fri May 4 07:38:27 UTC 2012

On 03/05/2012 21:22, Darrel wrote:
> If WITH_OPENSSL_PORT=yes exists in /etc/make.conf, will the system
> compile against that as well or only applications?

The base system always links against the copy of openssl in base
irrespective of the WITH_OPENSSL_PORT setting:

% grep WITH_OPENSSL_PORT /etc/make.conf

A sample application from the base that uses openssl:

% ldd /usr/bin/ssh
	libcrypto.so.6 => /lib/libcrypto.so.6 (0x8012dd000)

Whereas something installed from ports uses the ports version of openssl:

% ldd /usr/local/sbin/sendmail	
	libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800ce8000)
	libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800f4a000)

So, yes, you do need to update the system in the manner described in
the recent FreeBSD-SA-12:01.openssl security advisory.



Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20120504/b8a305e2/signature.pgp

More information about the freebsd-questions mailing list