Bug 203528
| Summary: | www/node: Add option to use system OpenSSL | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Adam Weinberger <adamw> | ||||||
| Component: | Individual Port(s) | Assignee: | Adam Weinberger <adamw> | ||||||
| Status: | Closed DUPLICATE | ||||||||
| Severity: | Affects Only Me | CC: | bhughes, linpct | ||||||
| Priority: | --- | Keywords: | patch | ||||||
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(linpct) |
||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| Bug Depends on: | 209793 | ||||||||
| Bug Blocks: | |||||||||
| Attachments: |
|
||||||||
|
Description
Adam Weinberger
2015-10-03 17:51:33 UTC
Created attachment 161683 [details]
BUNDLED_SSL option
*** Bug 203527 has been marked as a duplicate of this bug. *** Created attachment 167724 [details]
BUNDLED_SSL option (updated)
Updated patch against latest www/node
Can you please take another look at this PR? It builds perfectly on 9 and 10, and every SSL test I've run works perfectly. OS X Homebrew builds with this change enabled as default.
Given the frequency of OpenSSL-related exploits, we really, really should be providing a way for people to link their own OpenSSL version.
root@lockup:/wrkdirs/usr/ports/www/node/work # ldd /usr/local/bin/node | egrep 'ssl|crypto'
libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x80153c000)
libssl.so.8 => /usr/local/lib/libssl.so.8 (0x801949000)
Maintainer approved, please check if this patch could apply to node 5.8.0. Thanks. The patch doesn't apply cleanly anymore, so it'll need updating. What about the other node ports, might be nice to do them all at the same time? Hey Bradley, sorry I didn't update this PR earlier. Node does not build against any current version of LibreSSL. This patch would need to do something like what ftp/curl does for the TLS_SRP option---print a message and error out if LibreSSL is the library being linked against. I wasn't thinking about libressl, but rather about the other www/node* ports. I went ahead and updated your patch and adapted it for all 4 ports. See https://github.com/bradleythughes/freebsd-ports/commit/b292974aaa3a824af797f710f312b025f4abb6a9 :) Your updated patch looks great, but it will still break when LibreSSL is installed. It needs to identify that case and produce a helpful message. That is true. Looking through various discussions in issues and pull requests for node.js on Github, I see that LibreSSL support isn't a priority or a concern. I am not sure how we can address/communicate this in the port if the user has OPENSSL_PORT=security/libressl in their local make.conf. ftp/curl does something similar. Check out https://svnweb.freebsd.org/ports/head/ftp/curl/Makefile?r1=382459&r2=382461 I just submitted a new PR with patch to unconditionally use external dependencies where possible, including openssl. See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209793 The porters handbook and general consensus is that these shouldn't be options. That PR makes this one unnecessary. Closing this PR. A better plan was introduced by maintainer in bug #209793. *** This bug has been marked as a duplicate of bug 209793 *** |