Bug 251782 - Mk/bsd.default-versions.mk: define SSL_DEFAULT=openssl on FreeBSD 11.*
Summary: Mk/bsd.default-versions.mk: define SSL_DEFAULT=openssl on FreeBSD 11.*
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Port Management Team
URL:
Keywords: needs-qa, patch
Depends on:
Blocks:
 
Reported: 2020-12-12 14:06 UTC by Jan Beich
Modified: 2020-12-12 15:32 UTC (History)
1 user (show)

See Also:
jbeich: exp-run?


Attachments
v1 (864 bytes, patch)
2020-12-12 14:06 UTC, Jan Beich
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Beich freebsd_committer 2020-12-12 14:06:02 UTC
Created attachment 220486 [details]
v1

FreeBSD binary packages are supposed to be useful for the widest range of users. As many ports are BROKEN with OpenSSL < 1.1 and FreeBSD-SA-20:33.openssl the stacks are against packages using base OpenSSL. Packages never promised stable ABI unlike base system. So, let's switch the default.
Comment 1 Jan Beich freebsd_committer 2020-12-12 14:12:01 UTC
Need an exp-run for a better picture: how much volunteer's time we'd actually save by sacrificing a base component that turned rotten before EOL.
Comment 2 Mathieu Arnold freebsd_committer 2020-12-12 15:32:28 UTC
I can already tell you how it will go.

- Everything will build
- Except for ports that also use GSSAPI, which now can't use GSSAPI from base and have to be built with a ports version of GSSAPI. Now, for those ports, they don't work any more as the innards of the different GSSAPI are not compatible.
- Things will run
- Except stuff that links with stuff in base, like pkg, and with libpkg comes net-snmp, then php-snmp, and then, boom, it explodes mid flight because you built php with ssl from ports, but php-snmp brings in openssl from the base system.

We could devote exp-run resources to this, but, well, the switch from ssl=base to ssl=openssl will never happen in the official package repository, so, why bother...