I wanted to try building ports with openssl 3.0 and clearly folks have been busy because the only thing that failed to build was libfido2 (with many deprecation errors). Here's a minimal patch to work around that. (In the long run I assume yubico will add support for openssl 3.)
Created attachment 244982 [details] patch
(In reply to Craig Leres from comment #1) I'm OK with this change. Please add this one after ".if ${SSL_DEFAULT} == base" section. Thanks.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=1f659f82a39062ee43e69e81aad815c31e5d5d68 commit 1f659f82a39062ee43e69e81aad815c31e5d5d68 Author: Craig Leres <leres@FreeBSD.org> AuthorDate: 2023-10-04 01:35:51 +0000 Commit: Craig Leres <leres@FreeBSD.org> CommitDate: 2023-10-04 01:35:51 +0000 security/libfido2: Unbreak build with DEFAULT_VERSIONS=ssl=openssl30 Use OPENSSL_API_COMPAT to fix build on FreeBSD 13.2 with DEFAULT_VERSIONS=ssl=openssl30 PR: 273909 Approved by: sunpoet (maintainer) security/libfido2/Makefile | 4 ++++ 1 file changed, 4 insertions(+)
@arrowd reports that, "security/openssl30 is going to be removed from ports shortly" in bug 274419. Here's an updated patch to work with openssl3X (I've tested it openssl31).
Created attachment 245592 [details] adjusted patch
would it be better to test OPENSSL_SHLIBVER instead of SSL_DEFAULT? would it not be feasible that we: 1. assume that the mere definition of OPENSSL_SHLIBVER doesnt currently by any port necessarily imply the use of an ssl implementation from ports rather than from base (or fix some small number that do)? 2. set OPENSSL_SHLIBVER in Mk/Uses/ssl.mk according to __FreeBSD_version, even when SSL_DEFAULT == base
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2a1f1b7c3664cde187ac5b507b6a5a1ba18a1daf commit 2a1f1b7c3664cde187ac5b507b6a5a1ba18a1daf Author: Po-Chuan Hsieh <sunpoet@FreeBSD.org> AuthorDate: 2023-10-16 16:48:54 +0000 Commit: Po-Chuan Hsieh <sunpoet@FreeBSD.org> CommitDate: 2023-10-16 16:48:54 +0000 security/libfido2: Simplified Makefile OPENSSL_API_COMPAT=0x10101000L can be set unconditionally. from CMakeLists.txt: if(CRYPTO_VERSION VERSION_GREATER_EQUAL 3.0) add_definitions(-DOPENSSL_API_COMPAT=0x10100000L) endif() PR: 273909 security/libfido2/Makefile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-)
This should be OK for openssl, openssl-quictls, openssl31 and openssl32.