Problems with openssl 1.0.2 update

[Guido Falsi]

On 03/23/15 13:40, Guido Falsi wrote:
> On 03/23/15 11:33, Gerhard Schmidt wrote:
>> Hi,
>>
>> we experiencing a problem after upgrading  the openssl port to openssl
>> 1.0.2.
>>
>> /usr/bin/vi started to crash after some seconds with segfault.
>> /rescue/vi works just fine. Deleting the openssl 1.0.2 package
>> everything works just fine again. Installing the old openssl 1.0.1_18
>> package it still works just fine.
>>
>> it seams that besides vi the bash also has this problem. Anybody
>> experiencing the same or is this something specific to my system.
>>
>> I'm running FreeBSD 10.1 updated tonight.
> 
> I am seeing runtime problems with asterisk13 (which I maintain), caused
> by the OpenSSL update fallout.
> 
> In this case, after some analysis, I concluded the problem is the
> libsrtp port requiring OpenSSL from ports(for a reason), causing
> asterisk to link to that too, which would be correct.
> 
> Asterisk also uses the security/trousers port, which links to system
> OpenSSL. This ensues a conflict which now results in asterisk
> segfaulting and stopping to work.
> 
> I'm investigating what can be done about this. As a local solution I can
> force the trousers port to link against OpenSSL from ports, but this
> will not fix the general problem. As a port maintaner I ony see
> modifying the trousers port to depend on ports OpenSSL as a solution, is
> this acceptable?
> 

Quick followup to keep anyone interested informed(and for ML archives
just in case).

The only "fix" I could commit to fix the binary package was removing the
SRTP option from the defaults, avoiding to pull in the libsrtp port
which itself pulled in OpenSSL from ports, causing the library mix.

I'm not proud of such a solution, but was unable to do anything better
right away. If someone has a better solution, please send patches.

So for now anyone wanting to use SRTP with asterisk will have to build
his own packages. :(

-- 
Guido Falsi <madpilot at FreeBSD.org>