# Openssl trouble :)



## solven (Feb 5, 2013)

Hello, everybody!
I need help with Openssl Upgrading.

I had old version

```
OpenSSL 0.9.7e-p1 25 Oct 2004
```
Yesterday I've updated it with help of portsnap(8) & portmaster(8).
Edited before /etc/make.conf.

```
WITH_OPENSSL_PORT=yes
```

Now I have 2 version of Openssl, I can't understand, whats going on 

```
[b]root#[/b] openssl version
OpenSSL 0.9.7e-p1 25 Oct 2004
[b]root#[/b] which openssl
/usr/bin/openssl
```

and

```
[b]root#[/b] /usr/local/bin/openssl version
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
OpenSSL 1.0.1c 10 May 2012
```


```
[b]root#[/b] /usr/bin/openssl version
OpenSSL 0.9.7e-p1 25 Oct 2004
```

How to update it correctly? And why I have 2 installed OpenSSL versions?


----------



## wblock@ (Feb 5, 2013)

/usr/bin/openssl is included in the base system.
/usr/local/bin/openssl is installed by the security/openssl port.

Installing the port does not remove the base system version.


----------



## SirDice (Feb 5, 2013)

What version of FreeBSD is this?


----------



## solven (Feb 5, 2013)

Ok, understand, thanks.

And how to update apps - apache, ejabberd and so on, that they start using new openssl version?


----------



## solven (Feb 5, 2013)

SirDice said:
			
		

> What version of FreeBSD is this?


Old one  FreeBSD 6.3


----------



## SirDice (Feb 5, 2013)

That's seriously unsupported. FreeBSD 6.3 went end-of-life in January 2010.

http://www.freebsd.org/security/#unsup

Update to a recent and supported version and the openssl will be updated too.


----------



## DutchDaemon (Feb 5, 2013)

Stop. Using. That. Version. Immediately.


----------



## SirDice (Feb 5, 2013)

I'm also very doubtful a current ports tree will work on that version, it's unsupported after all.


----------



## simontkk2005 (Feb 27, 2013)

Dear all,

Appreciate if anyone can explain to me what does this code means when add into /etc/make.conf? *W*hat is the different with and without this line of modification?


```
WITH_OPENSSL_PORT=yes
```


----------



## wblock@ (Feb 27, 2013)

It means "if any port I compile has an option to use OpenSSL, use it".  It pre-enables that option.


----------



## Terry_Kennedy (Feb 27, 2013)

wblock@ said:
			
		

> It means "if any port I compile has an option to use OpenSSL, use it".  It pre-enables that option.


I though it meant "use the version of SSL from ports instead of the (older) version in the base system"?


----------



## simontkk2005 (Feb 27, 2013)

Terry_Kennedy said:
			
		

> I though it meant "use the version of SSL from ports instead of the (older) version in the base system"?





> /usr/bin/openssl is included in the base system.
> /usr/local/bin/openssl is installed by the security/openssl port.



But if I have two version of OpenSSL in my OS, and *I* have the newer on in /usr/local/bin/openssl, may I know will compile with the newer on automatically by itself?


----------



## xibo (Feb 27, 2013)

Ports use the OpenSSL binary returned by
`# which openssl`
and the OpenSSL libraries returned by
`# pkg-config --libs openssl`
at the time the port is built.


----------



## wblock@ (Feb 27, 2013)

Terry_Kennedy said:
			
		

> I though it meant "use the version of SSL from ports instead of the (older) version in the base system"?



Doh... WITH_OPENSSL__PORT_.  Yes, you're right.  Besides just forcing the use of the port version, some ports also have this because FreeBSD 7.x did not have OpenSSL in the base.

From /usr/ports/Mk/bsd.openssl.mk:

```
# WITH_OPENSSL_PORT=yes - Use the port, even if base is up to date
```


----------

