From the poudriere build log: /usr/local/libexec/ccache/cc -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -w -Wall -Wextra -Werror -Wshadow -Wwrite-strings -Wmissing-prototypes -Wbad-function-cast -pedantic -fstack-protector-all -std=c99 -Wshorten-64-to-32 -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -Wl,-rpath,/usr/local/lib -fstack-protector-strong CMakeFiles/yubico-piv-tool.dir/yubico-piv-tool.c.o CMakeFiles/yubico-piv-tool.dir/cmdline.c.o -o yubico-piv-tool -Wl,-rpath,/wrkdirs/usr/ports/security/yubico-piv-tool/work/.build/lib: -L/usr/local/lib -lcrypto -L/usr/local/lib -pthread ../lib/libykpiv.so.2.1.0 -lpcsclite CMakeFiles/yubico-piv-tool.dir/yubico-piv-tool.c.o: In function `main': yubico-piv-tool.c:(.text+0x401): undefined reference to `OPENSSL_add_all_algorithms_noconf' yubico-piv-tool.c:(.text+0x1bde): undefined reference to `EVP_MD_CTX_create' yubico-piv-tool.c:(.text+0x1c6f): undefined reference to `EVP_MD_CTX_destroy' yubico-piv-tool.c:(.text+0x2a1b): undefined reference to `sk_new_null' yubico-piv-tool.c:(.text+0x31dc): undefined reference to `sk_pop_free' yubico-piv-tool.c:(.text+0x356d): undefined reference to `sk_pop_free' yubico-piv-tool.c:(.text+0x4774): undefined reference to `EVP_MD_CTX_create' yubico-piv-tool.c:(.text+0x4849): undefined reference to `EVP_MD_CTX_destroy' yubico-piv-tool.c:(.text+0x4be2): undefined reference to `EVP_cleanup' CMakeFiles/yubico-piv-tool.dir/yubico-piv-tool.c.o: In function `add_ext': yubico-piv-tool.c:(.text+0x4cb5): undefined reference to `sk_push' r541879 adds a patch that disables an openssl cmake module from being invoked. But on 11.3 at least if some other package dependency pulls in openssl, yubico-piv-tool is built with openssl 1.0 includes from base and openssl 1.1 libraries from the port. This is not a compile time problem on 12.1 because the base version of openssl is 1.1 (but there is no guarantee there are not other issues caused by the mixing of includes and libraries). I think yubico-piv-tool needs to always run the cmake libcrypt checks in case openssl is installed in /usr/local. The patch replaces patch-CMakeLists.txt and makes the cmake checks for libcrypto optional.
Created attachment 216517 [details] patch
A commit references this bug: Author: leres Date: Fri Jul 31 19:53:38 UTC 2020 New revision: 543880 URL: https://svnweb.freebsd.org/changeset/ports/543880 Log: security/yubico-piv-tool: Unbreak build on FreeBSD 11 with DEFAULT_VERSIONS=ssl=openssl r541879 adds a patch that disables an openssl cmake module from being invoked. But on 11.3 at least if some other package dependency pulls in openssl (or DEFAULT_VERSIONS has ssl=openssl), yubico-piv-tool is built with openssl 1.0 includes from base and openssl 1.1 libraries from the port; this fails due to openssl API changes between 1.0 and 1.1 (e.g. EVP_MD_CTX_create() became EVP_MD_CTX_new()). This is not a compile time problem on 12.1 because the base version of openssl is 1.1 (but there is no guarantee there are not other issues caused by the mixing of includes and libraries). Replace the CMakeLists.txt patch with one for patch-cmake_openssl.cmake that the cmake checks for openssl/libcrypto optional. This ensures that openssl includes and libraries are not mixed between the base and ports versions. PR: 248049 Approved by: ume (maintainer timeout, 2 weeks) Changes: head/security/yubico-piv-tool/files/patch-CMakeLists.txt head/security/yubico-piv-tool/files/patch-cmake_openssl.cmake
The fix has been committed.