If you wish, you may rebuild all dports to use non-base SSL library of your choice

John Marino dragonflybsd at marino.st
Sat Sep 17 07:47:47 PDT 2016

The DPorts tree has been audited and fixed to work with dports-based SSL 
libraries such as:
   /security/openssl-devel (untested)
   /security/libressl-devel (untested)

Currently they will still build with the DF base openssl libraries.  If 
you want to use one of the dports SSL libraries above, put 
"SSL_DEFAULT=<portname>" in your make.conf and rebuild them all.

For example, put:
in /usr/local/etc/synth/LiveSystem-make.conf
and use synth to rebuild all packages, then reinstall from your local 

In about a week, the dports framework will be changed to use 
dports-based libressl be default ON MASTER (existing releases will still 
use base openssl), so if you want something else on master you need to 
set SSL_DEFAULT anyway.  (Note that there are a few ports that are 
OpenSSL-only, so those will only be available to people that build their 
own packages with SSL_DEFAULT=openssl set in the future).

You can maintain the current behavior by setting "SSL_DEFAULT=base" in 
make.conf, but at some point we are going to unhook the base OpenSSL 
from the build by default.

Let's pick a date, say 14 October 2016.
I proposed that after that point, the base openSSL will not longer build 
and "make upgrade" will remove it from the system.  We can have a new 
build variable, e.g. KEEP_OPENSSL, that would keep building it and not 
remove it during upgrade, but that variable would probably be removed 
before the next release.

If anyone has a big issue with that proposal, just speak up.  Nothing is 
set in stone yet.


This email has been checked for viruses by Avast antivirus software.

More information about the Users mailing list