On Thu, Apr 09, 2015 at 05:53:45PM +0200, Christian Weisgerber wrote: > Baptiste Daroussin: > > > Some how you have mixed up things between base openssl and libressl, when > > starting to activate libressl if you are using ports only you have to be > > extra > > careful, (same goes with ncurses or ports openssl) just installing those > > ports > > is enough to "pollute" nearly anything you build after with a dependency on > > it > > (well anything that does link to libssl, libcrypto) > > Well, yes, that's what I said. It's a bug. > > > If it very complicated and > > error prone to cherry pick "only take base openssl here, only ports openssl > > there" the only "safe" way to solve this situation and being consistent is > > to > > always skip the version from base and enforce the version for ports. (the > > otherway around is impossible - very complicated) > > And the addition of LibreSSL as a not-quite-equivalent alternative > to ports OpenSSL makes this even more complicated. You can expect > things coming out of OpenBSD (like new versions of net/openntpd) > to require LibreSSL, because it includes a new library libtls that > doesn't exist in OpenSSL. In the meantime, LibreSSL has removed > some of the more horrific APIs of OpenSSL, which means some ports > will not build against LibreSSL as is. Like python27. Fixes for > these problems can be picked from the OpenBSD ports tree, if we > want to. > > It's kind of hard to fix such problems if there is no clear policy > how things are supposed to work in the first place. >
I'm and other are working on a policy about that: always enforce openssl from ports with just a flag to say I want openssl or I want libressl but not both, would apply to others libs that behave the same way but I have limited time on this any one who wants to work on that is welcome :) Best regards, Bapt
pgpmD9yidewlZ.pgp
Description: PGP signature
