# Multiple OpenSSL Versions



## Samer (Jul 16, 2015)

I just installed security/openssl, but when I did `find / -type f -name openssl` I ended up getting 2 results:

```
# find / -type f -name openssl
/usr/bin/openssl
/usr/local/bin/openssl
# /usr/bin/openssl version
OpenSSL 1.0.1j-freebsd 15 Oct 2014
# /usr/local/bin/openssl version
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
OpenSSL 1.0.2d 9 Jul 2015
```
So now I'm wondering, how do I get rid of the 1.0.1 version, and how do I make sure that the library files are all from the 1.0.2 version?


----------



## drhowarddrfine (Jul 16, 2015)

Since you want to use the security/openssl port, you just want to add `WITH_OPENSSL_PORT=yes` to /etc/make.conf and you can leave the other one alone cause that's the base port. Then any ports you add later will use the version you installed instead which will be updated on a regular basis, unlike the base port.


----------



## Samer (Jul 16, 2015)

Ok perfect, I had that in there already. So as long as that's in there, all new software will be compiled with the latest?


----------



## protocelt (Jul 16, 2015)

Samer said:


> ok perfect, I had that in there already. So as long as that's in there, all new softwares will be compiled with the latest?


Yes. You'll also want to rebuild all ports(if there are any) installed that were linked against the base OpenSSL before you added WITH_OPENSSL_PORT=yes to make.conf if you want all those ports to be linked against security/openssl. You can use portmaster(8) with the -r flag for this (e.g. `portmaster -r openssl`)


----------



## Samer (Jul 16, 2015)

Thanks!


----------



## junovitch@ (Jul 17, 2015)

Samer said:


> ...
> So now I'm wondering, how do I get rid of the 1.0.1 version, and how do I make sure that the library files are all from the 1.0.2 version?



Keep in mind as long as you follow patches from freebsd-update(8), the OpenSSL 1.0.1 version will be perfectly safe.  It just won't have the newest features of OpenSSL 1.0.2.  You're also not going to want to remove the base version as there are a handful of components in the base system that do use it.


----------



## wblock@ (Jul 17, 2015)

Watch out for ftp/curl, it can link to the base OpenSSL rather than the port one, causing strange and unexpected errors that seem totally unrelated.  Setting GSSAPI_NONE avoids that, but then of course it does not have that GSSAPI stuff.


----------

