The port uses a number of macros and definitions that were marked deprecated in 3.0: https://github.com/nabla-c0d3/nassl/issues/110 .
This just built fine for me on 14.0-ALPHA3 with OpenSSL from base; the situation looks more complicated than this though.

First, the port still does not build with security/openssl30 from ports:

```
cc -shared -Wl,-rpath,/usr/local/lib -fstack-protector-strong -O2 -pipe -fstack-protector-strong -fno-strict-aliasing build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl_BIO.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl_OCSP_RESPONSE.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl_SSL.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl_SSL_CTX.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl_SSL_SESSION.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl_X509.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl_X509_STORE_CTX.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/nassl_errors.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/openssl_utils.o build/temp.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl/python_utils.o /usr/local/lib/libssl.so /usr/local/lib/libcrypt.so /usr/lib/libz.so -L/usr/local/lib -o build/lib.freebsd-14.0-ALPHA3-amd64-cpython-39/nassl/_nassl.cpython-39.so -Wl,-z,noexecstack -Wl,-z,notext
cc: error: no such file or directory: '/usr/local/lib/libcrypt.so'
error: command '/usr/local/libexec/ccache/cc' failed with exit code 1
*** Error code 1
```

So this issue is definitely relevant in this scenario.

On top of that, the original author reacted to this bug report after looking at the patch already found in the port, and wrote that:

* this patch "is very problematic,"
* the port should not use the system's OpenSSL,
* even though it compiles it "won't work the intended way", and
* the "only supported way of building nassl is to use `python -m invoke build.all`."

Upstream is even asking to remove this package.
In any case version 5.1.0 is now available (5.0.1 in the port), but considering the above, except for heavy lifting work for FreeBSD this port should be considered for removal. Knowing this, it should probably no longer block bug #258413.
The upstream author asked if we could remove the port. From https://github.com/nabla-c0d3/nassl/issues/110#issuecomment-1732346180 :

> Hello @ngie-eign,
>
> I had a deeper look and the patch that's part of the py-nassl port at https://github.com/pfsense/FreeBSD-ports/blob/devel/security/py-nassl/files/patch-openssl#L158 is highly problematic. It modifies nassl's setup.py to use the system's OpenSSL; even tho the whole thing might compile, it won't work the intended way and will break SSLyze's functionality at runtime in hidden ways.
>
> The only supported way of building nassl is to use python -m invoke build.all.
>
> I can see that the patch does look like a lot of work tho, so I understand that it's too bad that it doesn't actually solve the initial problem ("correctly" building nassl on freebsd).
>
> Would it be possible to remove the py-nassl package ?

I think we should mark the port broken with 14.0-RELEASE and remove the package since there aren't any plans to uplift it to work with OpenSSL 3.x at this time (this could change, but it sounds like the uplift might be non-trivial based on how py-nassl works).

If the pfSense folks pick up the torch and add missing support/port to OpenSSL 3, that would be wonderful, but disabling the build on 14.0-RELEASE+ will at least reduce some false positive noise.
This port expired yesterday, closing the PR.