Bug 253730 - security/py-openssl: Revert back to 19.1.0
Summary: security/py-openssl: Revert back to 19.1.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Sofian Brabez
URL: https://www.pyopenssl.org/en/stable/c...
Keywords: regression
Depends on:
Blocks: 253711 253756
  Show dependency treegraph
 
Reported: 2021-02-20 20:17 UTC by Yasuhiro Kimura
Modified: 2021-02-25 13:51 UTC (History)
9 users (show)

See Also:
bugzilla: maintainer-feedback? (sbz)


Attachments
Patch file (955 bytes, patch)
2021-02-20 20:17 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura 2021-02-20 20:17:51 UTC
Created attachment 222689 [details]
Patch file

Since 20.0.0 py-openssl has dropped support of OpenSSL 1.0.2. It means that currently this port can't be built with FreeBSD 11. So revert this port back to 19.1.0 and wait until FreeBSD 11 reaches its EoL.
    
Reference:
https://www.pyopenssl.org/en/stable/changelog.html#id2
Comment 1 david 2021-02-24 14:21:06 UTC
This is affecting our company. Until this is merged security/py-certbot can not create or renew certificates.

It'd be really great if this could be fast-tracked into ports before any certs hit expiry!
Comment 2 daniel.engberg.lists 2021-02-25 09:42:00 UTC
It also requires py-cryptography 3.2 which we don't have in tree.

See comments in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245929 regarding py-cryptography
Comment 3 daniel.engberg.lists 2021-02-25 09:48:39 UTC
(In reply to david from comment #1)
You might want to consider using a different client as this might take a while to resolve due to troublesome dependencies.

https://www.freshports.org/security/acme.sh/
https://www.freshports.org/security/acmed/
https://www.freshports.org/security/acmetool/
https://www.freshports.org/security/uacme/
https://www.freshports.org/security/lego/ (this is what I personally use and it works fine)
https://www.freshports.org/security/dehydrated/
https://www.freshports.org/sysutils/getssl/

I understand that it's not an ideal solution though...
Comment 4 david 2021-02-25 09:56:36 UTC
(In reply to daniel.engberg.lists from comment #3)

Thanks. I'm aware of alternative clients, but we have a bunch of internal tooling written around certbot.

I've downgraded and locked the package versions for our machines for now. Still watching this ticket with interest :)
Comment 5 Dima Panov freebsd_committer 2021-02-25 13:51:23 UTC
Overcome by events, see https://svnweb.freebsd.org/changeset/ports/566534