Migrating from openssl to openssl-unsafe?

wattie

Verified User
Joined
May 31, 2008
Messages
1,084
Location
Bulgaria
It uses the libraries from /usr/local/openssl and it's using the headers from /usr/local/openssl-unsafe.

I think this will break something when I update /usr/local/openssl to version 1.1.1.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
In my case (described in the article), I've compiled PHP with --with-openssl=/usr/local/openssl-unsafe, and I don't have any issue.

 

wattie

Verified User
Joined
May 31, 2008
Messages
1,084
Location
Bulgaria
But is it showing libs from one OpenSSL and headers from the other like in my case or they are showing correctly?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Can not say for sure. I don't have a FreeBSD 11.3 for testing already.

It might or not harm while you have the similar versions of OpenSSL there, but I would suspect the same this will break something when you update /usr/local/openssl to version 1.1.1.

And when you decide to upgrade the version you will need to use directive --with-openssl=/usr/local/openssl-unsafe, and in this case PHP should compile without the issue. And my guide I mentioned here several times already is based on


And it was written when we did an upgrade of FreeBSD 9.0 to FreeBSD 12.1 for our client. Which requested FreeBSD to be upgrade to the latest stable, and there were many old sites running under these old PHP versions.

Another issue we faced is that MySQL 5.5 failed to compile, so we had to change it to MariaDB 10.x.
 

wattie

Verified User
Joined
May 31, 2008
Messages
1,084
Location
Bulgaria
I guess you have

Code:
DEFAULT_VERSIONS+=ssl=openssl-unsafe
in /etc/make.conf and therefore you are building everything on the system against openssl-unsafe and that's why it's working fine.

It's not my case here. I do want to use the regular openssl port serverwide for everything but use openssl-unsafe ONLY for PHP 5.4. Therefore I must use

Code:
DEFAULT_VERSIONS+=ssl=openssl
but sadly this makes PHP 5.4 to load libraries from it despite it's built with the other...

So the big question here is - how to reconfigure php 5.4 to ignore DEFAULT_VERSIONS and use different path...
 

wattie

Verified User
Joined
May 31, 2008
Messages
1,084
Location
Bulgaria
Maybe here is the difference:

1. In your tutorial you use /usr/local/openssl-unsafe from ports and /usr/bin/openssl which is the BASE one

2. In my case I use /usr/local/openssl-unsafe from ports and /usr/local/bin/openssl which is also from ports. I also do have /usr/bin/openssl (the base one) which I do not use anywhere as I did point to the one from ports via /etc/make.conf

Therefore my guess is that you do not have anything like "DEFAULT_VERSIONS+=ssl=..." in /etc/make.conf ?!?
 
Last edited:

wattie

Verified User
Joined
May 31, 2008
Messages
1,084
Location
Bulgaria
OK, that's a strong clue.

Now I must recall why I needed to install OpenSSL from ports in the past. As far as I remember there was some compilation issues with the base one... but it may be no longer the case.
 
Top