On Thu, Apr 9, 2015 at 3:56 PM, Baptiste Daroussin <b...@freebsd.org> wrote: > On Thu, Apr 09, 2015 at 05:53:45PM +0200, Christian Weisgerber wrote: >> Baptiste Daroussin: >> >> > Some how you have mixed up things between base openssl and libressl, when >> > starting to activate libressl if you are using ports only you have to be >> > extra >> > careful, (same goes with ncurses or ports openssl) just installing those >> > ports >> > is enough to "pollute" nearly anything you build after with a dependency >> > on it >> > (well anything that does link to libssl, libcrypto) >> >> Well, yes, that's what I said. It's a bug. >> >> > If it very complicated and >> > error prone to cherry pick "only take base openssl here, only ports openssl >> > there" the only "safe" way to solve this situation and being consistent is >> > to >> > always skip the version from base and enforce the version for ports. (the >> > otherway around is impossible - very complicated) >> >> And the addition of LibreSSL as a not-quite-equivalent alternative >> to ports OpenSSL makes this even more complicated. You can expect >> things coming out of OpenBSD (like new versions of net/openntpd) >> to require LibreSSL, because it includes a new library libtls that >> doesn't exist in OpenSSL. In the meantime, LibreSSL has removed >> some of the more horrific APIs of OpenSSL, which means some ports >> will not build against LibreSSL as is. Like python27. Fixes for >> these problems can be picked from the OpenBSD ports tree, if we >> want to. >> >> It's kind of hard to fix such problems if there is no clear policy >> how things are supposed to work in the first place. >> > > I'm and other are working on a policy about that: always enforce openssl from > ports with just a flag to say I want openssl or I want libressl but not both, > would apply to others libs that behave the same way but I have limited time on > this any one who wants to work on that is welcome :)
I think that we need to build up a team of people who are interested in making that happen in FreeBSD. I would be very interested to have a LibreSSL-powered FreeBSD server for production use at work. > > Best regards, > Bapt -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present. _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
