Discussion:
OpenSSL 1.1.1t vs OpenSSL 3.1.4 linking on 13.2
(too old to reply)
Timothy Legge
2023-11-27 01:00:04 UTC
Permalink
Hi

I have been updating a Perl CPAN module for OpenSSL v3. and ran into
an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
installed.

So clean install and then install v3 via sudo pkg install openssl31

When I build Crtpt::OpenSSL::Blowfish (from
https://github.com/perl-openssl/perl-Crypt-OpenSSL-Blowfish.git) with:

perl Makefile.PL
make

It builds and links against openssl3.1.4

When I attempt:

make test

It attempts to load the openssl 1.1.1t library.

If I do:

export set OPENSSL_PREFIX=/usr

and add the following line to the Makefile.PL then
OpenSSL::Crypt::Guess correctly finds openssl 1.1.1t and links to it:

$args{CCFLAGS} = openssl_lib_paths();

So, is there a way on FreeBSD to figure out which openssl version is
the default? Is there a method that you can think of that can solve
the linking/run issue without requiring the OPENSSL_PREFIX to be set
for Crypt::OpenSSL::Guess's benefit.

Any ideas are greatly appreciated.

Tim

Timothy Legge
***@gmail.com
***@cpan.org


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Eugene Grosbein
2023-11-27 02:57:22 UTC
Permalink
Post by Timothy Legge
I have been updating a Perl CPAN module for OpenSSL v3. and ran into
an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
installed.
So clean install and then install v3 via sudo pkg install openssl31
When I build Crtpt::OpenSSL::Blowfish (from
perl Makefile.PL
make
It builds and links against openssl3.1.4
make test
It attempts to load the openssl 1.1.1t library.
export set OPENSSL_PREFIX=/usr
and add the following line to the Makefile.PL then
$args{CCFLAGS} = openssl_lib_paths();
So, is there a way on FreeBSD to figure out which openssl version is
the default? Is there a method that you can think of that can solve
the linking/run issue without requiring the OPENSSL_PREFIX to be set
for Crypt::OpenSSL::Guess's benefit.
Any ideas are greatly appreciated.
If you are making a port then you should respect ssl=base/openssl111/whatever
user setting in /etc/make.conf in DEFAULT_VERSIONS, so check for it in port's Makefile:

.if ${SSL_DEFAULT} == openssl111
...
endif

If you want to provide packages for different openssl versions,
you may consider adding FLAVORS to the port:

FLAVORS= base openssl111 openssl30
openssl111_PKGNAMESUFFIX= -${FLAVOR}
openssl30_PKGNAMESUFFIX= -${FLAVOR}

.include <bsd.port.options.mk>
.if ${SSL_DEFAULT} == openssl30
FLAVOR= openssl30
.endif

# For OpenSSL 3.0.x in base (14+) or installed as port/package
.if ${OSVERSION} >= 1400092 || ${FLAVOR:U} == openssl30
...
# For OpenSSL 1.1.x in base or installed as port/package
.else
...
.endif

This is just an example and you may want to support more openssl versions we have in ports.



--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Enji Cooper
2023-11-27 16:16:36 UTC
Permalink
Post by Eugene Grosbein
Post by Timothy Legge
I have been updating a Perl CPAN module for OpenSSL v3. and ran into
an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
installed.
So clean install and then install v3 via sudo pkg install openssl31
When I build Crtpt::OpenSSL::Blowfish (from
perl Makefile.PL
make
It builds and links against openssl3.1.4
make test
It attempts to load the openssl 1.1.1t library.
export set OPENSSL_PREFIX=/usr
and add the following line to the Makefile.PL then
$args{CCFLAGS} = openssl_lib_paths();
So, is there a way on FreeBSD to figure out which openssl version is
the default? Is there a method that you can think of that can solve
the linking/run issue without requiring the OPENSSL_PREFIX to be set
for Crypt::OpenSSL::Guess's benefit.
Any ideas are greatly appreciated.
If you are making a port then you should respect ssl=base/openssl111/whatever
.if ${SSL_DEFAULT} == openssl111
...
endif
If you want to provide packages for different openssl versions,
FLAVORS= base openssl111 openssl30
openssl111_PKGNAMESUFFIX= -${FLAVOR}
openssl30_PKGNAMESUFFIX= -${FLAVOR}
.include <bsd.port.options.mk>
.if ${SSL_DEFAULT} == openssl30
FLAVOR= openssl30
.endif
# For OpenSSL 3.0.x in base (14+) or installed as port/package
.if ${OSVERSION} >= 1400092 || ${FLAVOR:U} == openssl30
...
# For OpenSSL 1.1.x in base or installed as port/package
.else
...
.endif
This is just an example and you may want to support more openssl versions we have in ports.
I honestly think FLAVORS OpenSSL support should be added to ports . It would make some things considerably easier for self-standing apps (it would still be largely impossible if/when base system libraries like kerberos5 are linked in, though).
Cheers,
-Enji

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Timothy Legge
2023-11-27 17:19:28 UTC
Permalink
Post by Eugene Grosbein
Post by Timothy Legge
I have been updating a Perl CPAN module for OpenSSL v3. and ran into
an issue when testing in a clean FreeBSD 13.2 install with OpenSSL v3
installed.
If you are making a port then you should respect ssl=base/openssl111/whatever
I am actually just releasing a Perl CPAN module. I doubt that anyone
will package it specifically t this point. My question is more around
is there anything that I can/should be doing to ensure that the
correct openssl version is picked by default. That is, the one that
will allow its library to be loaded dynamically at run-time.
Post by Eugene Grosbein
.if ${SSL_DEFAULT} == openssl111
I will take a look to see if any of the options work for me. As a
general CPAN module I need to ensure that what I do will not break
things for other operating systems but I have some ability to target
things.

thanks

Tim


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...