The DPorts tree has been audited and fixed to work with dports-based SSL libraries such as:
  /security/openssl
  /security/openssl-devel (untested)
  /security/libressl
  /security/libressl-devel (untested)

Currently they will still build with the DF base openssl libraries. If you want to use one of the dports SSL libraries above, put "SSL_DEFAULT=<portname>" in your make.conf and rebuild them all.

For example, put:
SSL_DEFAULT=libressl
in /usr/local/etc/synth/LiveSystem-make.conf
and use synth to rebuild all packages, then reinstall from your local repository.

In about a week, the dports framework will be changed to use dports-based libressl be default ON MASTER (existing releases will still use base openssl), so if you want something else on master you need to set SSL_DEFAULT anyway. (Note that there are a few ports that are OpenSSL-only, so those will only be available to people that build their own packages with SSL_DEFAULT=openssl set in the future).

You can maintain the current behavior by setting "SSL_DEFAULT=base" in make.conf, but at some point we are going to unhook the base OpenSSL from the build by default.

Let's pick a date, say 14 October 2016.
I proposed that after that point, the base openSSL will not longer build and "make upgrade" will remove it from the system. We can have a new build variable, e.g. KEEP_OPENSSL, that would keep building it and not remove it during upgrade, but that variable would probably be removed before the next release.

If anyone has a big issue with that proposal, just speak up. Nothing is set in stone yet.

John

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Reply via email to