Migrating from openssl to openssl-unsafe?

[wattie]

Yes, mbstring issue is fixed.

But now that happened... Is it normal (I guess not!)?

 

[zEitEr]

Why not? What OpenSSL versions do you have there installed?

 

[wattie]

It uses the libraries from /usr/local/openssl and it's using the headers from /usr/local/openssl-unsafe.

I think this will break something when I update /usr/local/openssl to version 1.1.1.

 

[zEitEr]

In my case (described in the article), I've compiled PHP with --with-openssl=/usr/local/openssl-unsafe, and I don't have any issue.

Install PHP 5.x on FreeBSD 12.x with DirectAdmin

Should you need to install old and unsafe PHP 5.x on FreeBSD 12.x server with DirectAdmin here you can find a short guide on how to achieve it.

help.poralix.com

 

[wattie]

But is it showing libs from one OpenSSL and headers from the other like in my case or they are showing correctly?

 

[zEitEr]

Can not say for sure. I don't have a FreeBSD 11.3 for testing already.

It might or not harm while you have the similar versions of OpenSSL there, but I would suspect the same this will break something when you update /usr/local/openssl to version 1.1.1.

And when you decide to upgrade the version you will need to use directive --with-openssl=/usr/local/openssl-unsafe, and in this case PHP should compile without the issue. And my guide I mentioned here several times already is based on

How-to: build PHP 5.3/5.4/5.5 on Debian9/10/CentOS8

Newer OS versions run OpenSSL 1.1, which is not compatible with PHP 5.3/5.4/5.5. If you'd like to 'workaround it' (not recommended), you can use this for php-fpm type of PHP, example is for PHP 5.3: cd /usr/local/directadmin/custombuild mkdir -p custom/php cp -p configure/php/configure.php53...

forum.directadmin.com

And it was written when we did an upgrade of FreeBSD 9.0 to FreeBSD 12.1 for our client. Which requested FreeBSD to be upgrade to the latest stable, and there were many old sites running under these old PHP versions.

Another issue we faced is that MySQL 5.5 failed to compile, so we had to change it to MariaDB 10.x.

 

[wattie]

I guess you have

DEFAULT_VERSIONS+=ssl=openssl-unsafe

in /etc/make.conf and therefore you are building everything on the system against openssl-unsafe and that's why it's working fine.

It's not my case here. I do want to use the regular openssl port serverwide for everything but use openssl-unsafe ONLY for PHP 5.4. Therefore I must use

DEFAULT_VERSIONS+=ssl=openssl

but sadly this makes PHP 5.4 to load libraries from it despite it's built with the other...

So the big question here is - how to reconfigure php 5.4 to ignore DEFAULT_VERSIONS and use different path...

 

[zEitEr]

The openssl-unsafe is used only for PHP 5.x

 

[wattie]

Maybe here is the difference:

1. In your tutorial you use /usr/local/openssl-unsafe from ports and /usr/bin/openssl which is the BASE one

2. In my case I use /usr/local/openssl-unsafe from ports and /usr/local/bin/openssl which is also from ports. I also do have /usr/bin/openssl (the base one) which I do not use anywhere as I did point to the one from ports via /etc/make.conf

Therefore my guess is that you do not have anything like "DEFAULT_VERSIONS+=ssl=..." in /etc/make.conf ?!?

 

[zEitEr]

Yes, there is no override of ssl in /etc/make.conf in my case.

 

[wattie]

OK, that's a strong clue.

Now I must recall why I needed to install OpenSSL from ports in the past. As far as I remember there was some compilation issues with the base one... but it may be no longer the case.