Bug 247236 - www/envoy is marked as broken: does not build with DEFAULT_VERSIONS+=ssl=base: requires BoringSSL
Summary: www/envoy is marked as broken: does not build with DEFAULT_VERSIONS+=ssl=base...
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Alexey Dokuchaev
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-13 13:42 UTC by uros
Modified: 2023-06-16 13:46 UTC (History)
3 users (show)

See Also:
linimon: maintainer-feedback? (danfe)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description uros 2020-06-13 13:42:19 UTC
envoy is broken and can't use it. There is also new version 1.14.4 outside. I guess the problem is there is no BoringSSL as ssl option. I tried to fix this myself but without success right now.

I would like to use envoy with Consul to provide connection between services.
Comment 1 Alexey Dokuchaev freebsd_committer freebsd_triage 2020-06-16 15:20:10 UTC
(In reply to uros from comment #0)
> I guess the problem is there is no BoringSSL
That is correct.  There is 3rd-part work* available for building Envoy purely with OpenSSL, and ultimately I'd want to divorce the port from BoringSSL, but I haven't looked in it closely yet.

*) https://github.com/envoyproxy/envoy-openssl
Comment 2 uros 2021-01-24 19:42:45 UTC
@alexey can you please check https://github.com/envoyproxy/envoy-openssl/issues/1 where I asked about openssl support and I don't have anough knowledge to give concrete answer
Comment 3 uros 2021-03-30 18:19:55 UTC
Any reason why we can't use https://svnweb.freebsd.org/ports/head/security/boringssl/
Comment 4 Ulas SAYGIN 2022-02-28 00:31:47 UTC
(In reply to Alexey Dokuchaev from comment #1)
https://github.com/envoyproxy/envoy-openssl does not have latest version!
they have old cmake build version. new version only supports bazel builds please dont forget.
have wonderful day!
Comment 5 Alexey Dokuchaev freebsd_committer freebsd_triage 2023-06-09 10:59:00 UTC
(In reply to uros from comment #3)
> Any reason why we can't use [security/boringssl]?
We cannot depend on SSL providers directly, but have to do it via the framework.  Right now, BoringSSL cannot be used as an SSL provider, mainly because it needs cmake that needs curl that itself needs the SSL provider (see review D20881).

You can still hack your ports locally so you can have that dependency, of course.