# Proper format for entry in "make.conf" - openssl



## Crotalus (Oct 29, 2016)

First the environment;

```
Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11 18:38:15 UTC 2016
    root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: AMD FX(tm)-4130 Quad-Core Processor             (3817.48-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x600f12  Family=0x15  Model=0x1  Stepping=2
  Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x1e98220b<SSE3,PCLMULQDQ,MON,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AESNI,XSAVE,OSXSAVE,AVX>
  AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
  AMD Features2=0x1c9bfff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,XOP,SKINIT,WDT,LWP,FMA4,NodeId,Topology,PCXC,PNXC>
  SVM: NP,NRIP,VClean,AFlush,DAssist,NAsids=65536
  TSC: P-state invariant, performance statistics
real memory  = 8589934592 (8192 MB)
avail memory = 8225198080 (7844 MB)
```
I have a small problem with error messages using `portmaster`.  Ports appear to upgrade and run correct. I can't find a fix that works for the following;

This the version of openssl that is installed on my system from `pkg info`.
openssl-1.0.2j,1               SSL and crypto library

When I run `portmaster` on some ports I get this warning message.

```
/!\ WARNING /!\
You have security/openssl installed but do not have DEFAULT_VERSIONS+=ssl=openssl set in your make.conf
```
If I put the following in /etc/make.conf:

```
DEFAULT_VERSIONS+=ssl=openssl-1.0.2j,1
```

I get this message

```
make: "/usr/ports/Mk/Uses/ssl.mk" line 95: You are using an unsupported SSL provider openssl-1.0.2j,1
```

If I set the default to the base I get this error

```
Dependency error: This port wants the OpenSSL library from the FreeBSD
base system. You can't build against it, while a newer
version is installed by a port.
Please deinstall the port, remove DEFAULT_VERSIONS=ssl=base or undefine WITH_OPENSSL_BASE.
*** Error code 1
```

If I try to deinstall openssl it wants to delete a very large number of ports. It would take a huge effort to every thing back.

Does anybody know what I am doing wrong? I don't know what I am doing with this. What is the syntax for the needed entry?

Thanks!


----------



## Wapcaplet (Oct 29, 2016)

From /usr/ports/UPDATING:


```
20160616:
  AFFECTS: users of security/openssl*, security/libressl*
  AUTHOR: mat@FreeBSD.org

  Previously, to tell the ports tree, you needed to set:

  WITH_OPENSSL_PORT=yes

  And if you wanted a port that was not security/openssl, you needed to add,
  for example:

  OPENSSL_PORT= security/libressl

  Now, all you need to do is:

  DEFAULT_VERSIONS+=  ssl=libressl

  Valid values are base, openssl, openssl-devel, libressl, and libressl-devel.
```

So to use the Ports version of OpenSSL, here is the format of the line to include in /etc/make.conf:


```
DEFAULT_VERSIONS+=ssl=openssl
```


----------



## Crotalus (Oct 29, 2016)

Wapcaplet said:


> From /usr/ports/UPDATING:
> 
> 
> ```
> ...



Thanks! I thought I had tried that at one time. I will give it a try on the next group of port update and see whats happens.


----------



## SirDice (Oct 31, 2016)

Have a look at /usr/ports/Mk/bsd.default-versions.mk if you're having problems setting a default. Stuff gets added there all the time and I regularly have to lookup the exact syntax. The SSL specific bits:

```
# Possible values: base, openssl, openssl-devel, libressl, libressl-devel
```
These refer to the base OpenSSL, security/openssl, security/openssl-devel, security/libressl and security/libressl-devel.

Note that some ports require additional options to be set/unset in order to build against a specific SSL library. For example, building ftp/curl requires you to unset TLS_SRP if you build against LibreSSL or you'll run into build failures.


----------

