Bug 251782

Summary: Mk/bsd.default-versions.mk: define SSL_DEFAULT=openssl on FreeBSD 11.*
Product: Ports & Packages Reporter: Jan Beich <jbeich>
Component: Individual Port(s)Assignee: Port Management Team <portmgr>
Status: New ---    
Severity: Affects Only Me CC: kde
Priority: --- Keywords: needs-qa, patch
Version: LatestFlags: jbeich: exp-run?
Hardware: Any   
OS: Any   
Description Flags
v1 none

Description Jan Beich freebsd_committer 2020-12-12 14:06:02 UTC
Created attachment 220486 [details]

FreeBSD binary packages are supposed to be useful for the widest range of users. As many ports are BROKEN with OpenSSL < 1.1 and FreeBSD-SA-20:33.openssl the stacks are against packages using base OpenSSL. Packages never promised stable ABI unlike base system. So, let's switch the default.
Comment 1 Jan Beich freebsd_committer 2020-12-12 14:12:01 UTC
Need an exp-run for a better picture: how much volunteer's time we'd actually save by sacrificing a base component that turned rotten before EOL.
Comment 2 Mathieu Arnold freebsd_committer 2020-12-12 15:32:28 UTC
I can already tell you how it will go.

- Everything will build
- Except for ports that also use GSSAPI, which now can't use GSSAPIĀ from base and have to be built with a ports version of GSSAPI. Now, for those ports, they don't work any more as the innards of the different GSSAPIĀ are not compatible.
- Things will run
- Except stuff that links with stuff in base, like pkg, and with libpkg comes net-snmp, then php-snmp, and then, boom, it explodes mid flight because you built php with ssl from ports, but php-snmp brings in openssl from the base system.

We could devote exp-run resources to this, but, well, the switch from ssl=base to ssl=openssl will never happen in the official package repository, so, why bother...