Subject: Re: openssl on openbsd
To: julien Touche <julien.touche@lycos.com>
From: Frederick Bruckman <fredb@immanent.net>
List: tech-pkg
Date: 04/07/2003 08:53:46
On Mon, 7 Apr 2003, julien Touche wrote:

> Frederick Bruckman wrote:
>
> > On Sun, 6 Apr 2003, julien Touche wrote:
> >
> >>while trying to compile openssl on openbsd 3.2/i386 with pkgsrc, i
> >>encounter big errors (see end of mail).

> > It would be better, on the whole, to go with your OS's. That probably
> > means upgrading or applying a security patch. The package system won't
> > be happy with it unless it either finds openssl-0.9.6g, or finds the
> > string "SSL_R_SSL2_CONNECTION_ID_TOO_LONG" in the header
> > "/usr/include/openssl/ssl.h", as either is taken to be evidence that
> > the vulnerability has been addressed. The security advisory came out
> > on July 30, 2002. When did OpenBSD 3.2 ship?
> >
> 3.2 was about 6 months with some patch later.
>
> openssl seems good
> OpenSSL> version
> OpenSSL 0.9.7-beta3 30 Jul 2002

There's something broken in "security/openssl/buildlink2.mk", then.

> my problem was trying to build ntop2 on openbsd. knowing than base
> compile fail (because of some unresolved symbol with gdchart 0.94c, give
> a shot to last dev release with no more success), i want to give a try
> with pkgsrc installed on my box, but it needed a lot of dep ...
>
> is there any flavor way like openbsd to choose to not use openssl or
> some libs for a package ?

It would be difficult, and unrewarding, to systematically disable
openssl, especially as it's included in the base system. What you
could try, is to comment out the include for
"../../security/openssl/buildlink2.mk" at the end of
".../ntop2/Makefile". That way "configure" in the package can just
pick up the openssl in the base system.

Frederick