WITHOUT_OPENSSL and make delete-old

Matt Smith fbsd at xtaz.co.uk
Mon Jul 13 19:14:17 UTC 2015

On Jul 13 11:29, Kevin Oberman wrote:
>On Mon, Jul 13, 2015 at 7:03 AM, Matt Smith <fbsd at xtaz.co.uk> wrote:
>> Hi, I use the ports version of OpenSSL for everything and don't require
>> the base version. As a result I thought I would remove it by adding
>> WITHOUT_OPENSSL into /etc/src.conf and running make delete-old in /usr/src.
>> However this seems to only want to delete things related to kerberos and
>> gssapi, which is understandable as they depend on OpenSSL.  However it
>> doesn't seem to touch any OpenSSL files at all. Is this a bug or have I
>> missed something?
>Yes. Several critical base system components require the base OpenSL. So, I
>seem to recall that while WITHOUT_OPENSSL will skip the optional SSL stuff,
>I am pretty sure that some of the OpenSSL always are built and are
>considered too critical to rely on a port being installed... like logging
>in, adding users, etc.

See now I assumed that the only things in the base that used it were 
Kerberos, GSSAPI, and OpenSSH. If you read the man page for src.conf it 
says that setting WITHOUT_OPENSSL also sets WITHOUT_KERBEROS, 
WITHOUT_GSSAPI, and WITHOUT_OPENSSH. This makes me think these are the 
only things in the base that do actually use OpenSSL?

Maybe there is actually a lot more that does then. Unfortunately being 
the base means I can't just use pkg to look at what's registered against 
the shared libs.


More information about the freebsd-stable mailing list