Multiple OpenSSL Versions

[Samer]

I just installed security/openssl, but when I did find / -type f -name openssl I ended up getting 2 results:

# find / -type f -name openssl
/usr/bin/openssl
/usr/local/bin/openssl
# /usr/bin/openssl version
OpenSSL 1.0.1j-freebsd 15 Oct 2014
# /usr/local/bin/openssl version
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
OpenSSL 1.0.2d 9 Jul 2015

So now I'm wondering, how do I get rid of the 1.0.1 version, and how do I make sure that the library files are all from the 1.0.2 version?

 

[drhowarddrfine]

Since you want to use the security/openssl port, you just want to add WITH_OPENSSL_PORT=yes to /etc/make.conf and you can leave the other one alone cause that's the base port. Then any ports you add later will use the version you installed instead which will be updated on a regular basis, unlike the base port.

 

[Samer]

Ok perfect, I had that in there already. So as long as that's in there, all new software will be compiled with the latest?

 

[protocelt]

ok perfect, I had that in there already. So as long as that's in there, all new softwares will be compiled with the latest?

Yes. You'll also want to rebuild all ports(if there are any) installed that were linked against the base OpenSSL before you added WITH_OPENSSL_PORT=yes to make.conf if you want all those ports to be linked against security/openssl. You can use portmaster(8) with the -r flag for this (e.g. portmaster -r openssl)

 

[Samer]

Thanks!

 

[junovitch@]

...
So now I'm wondering, how do I get rid of the 1.0.1 version, and how do I make sure that the library files are all from the 1.0.2 version?

Keep in mind as long as you follow patches from freebsd-update(8), the OpenSSL 1.0.1 version will be perfectly safe. It just won't have the newest features of OpenSSL 1.0.2. You're also not going to want to remove the base version as there are a handful of components in the base system that do use it.

 

[wblock@]

Watch out for ftp/curl, it can link to the base OpenSSL rather than the port one, causing strange and unexpected errors that seem totally unrelated. Setting GSSAPI_NONE avoids that, but then of course it does not have that GSSAPI stuff.