upgrade now have two openssl versions

Matthew Seaman matthew at FreeBSD.org
Thu Feb 8 15:09:38 UTC 2018

On 08/02/2018 14:40, David Mehler wrote:
> I just upgraded a 10.3 server to 11.1. I've now got two openssl
> versions the one in base which openssl version reports as openssl
> 1.0.2k, and an installed port which pkg info reports as 1.0.2n. How do
> I get openssl and the system to use and to link against the newer
> version?

If you are using the pre-compiled pkgs from the FreeBSD project, then 
you can't.  Those packages will always use the default openssl, which 
for 11.1 is still the base version of openssl.

If you are compiling your own packages either via poudriere or 
otherwise, then you can use the DEFAULT_VERSIONS variable in make.conf:

DEFAULT_VERSIONS+=	ssl=openssl

That will cause all of the ports to be linked against the 
security/openssl port.  There are some complications if you're using 
GSSAPI or Kerberos, where there are other blocks of code that can come 
from either base and ports and you need to make sure everything is 
consistent -- ie. either use all ports, or use all base.  Note that 
switching between ports and base openssl support benefits greatly from 
clean-room build methods (eg. poudriere): the simple presence of the 
ports version of openssl on your build system will prevent you from 
compiling against the base system version of openssl.

See /usr/ports/Mk/bsd.default-versions.mk and /usr/ports/Mk/Uses/ssl.mk 
for all the gory details.



More information about the freebsd-questions mailing list