openssl

Scott Haneda talklists at newgeo.com
Wed Jul 8 21:21:40 PDT 2009 

On Jul 8, 2009, at 8:50 PM, Bryan Blackburn wrote:
> On Wed, Jul 08, 2009 at 07:30:09PM -0700, Scott Haneda said:
>> If I have for example, IO::Socket::SSL, which I am guessing uses
>> openssl, what openssl will it use, and how can I find out?
>
> In general, you want to make sure things link to the dependencies  
> installed
> with MacPorts.  See
>
> <http://trac.macports.org/wiki/FAQ#WillMacPortslinktosystemlibrariesratherthanitsown 
> >
>
> and the entry following that.

Thanks.  One thing that is not clear, is you say "make sure things  
link to".  How does one do that, the docs above do not explain that.   
When I make a port file, especially in the case of p5's, it is pretty  
simple.  I have never seen any way to specify any paths for linking to  
any dependencies libs.

>> I am having a good deal of trouble getting ASSP to talk over SSL.  It
>> has been suspected that it is related to incorrect versions of
>> openssl.
>
> Note that in IO::Socket::SSL's specific instance, it doesn't  
> actually use
> OpenSSL but the Net::SSLeay module (p5-net-ssleay).  p5-net-ssleay,  
> on my
> system, does link to MacPorts' OpenSSL:

Glad you found that, as that is the p5 that is probably related to  
some of the issues I am having.

> $ otool -L /opt/local/lib/perl5/vendor_perl/5.8.9/darwin-*/auto/Net/ 
> SSLeay/SSLeay.bundle
> /opt/local/lib/perl5/vendor_perl/5.8.9/darwin-thread-multi-2level/ 
> auto/Net/SSLeay/SSLeay.bundle:
> 	/opt/local/lib/libssl.0.9.8.dylib (compatibility version 0.9.8,  
> current version 0.9.8)
> 	/opt/local/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8,  
> current version 0.9.8)

When I run that on the machine I am having issues with:
$otool -L /opt/local/lib/perl5/vendor_perl/5.8.9/darwin-*/auto/Net/ 
SSLeay/SSLeay.bundle
/opt/local/lib/perl5/vendor_perl/5.8.9/darwin-2level/auto/Net/SSLeay/ 
SSLeay.bundle:
/opt/local/lib/libssl.0.9.8.dylib (compatibility version 0.9.8,  
current version 0.9.8)
/opt/local/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8,  
current version 0.9.8)
/opt/local/lib/libz.1.dylib (compatibility version 1.0.0, current  
version 1.2.3)
/usr/lib/libmx.A.dylib (compatibility version 1.0.0, current version  
47.1.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current  
version 111.1.4)

I get one more line than you do, not sure what that means.

I updated openssl, `sudo port updgrade openssl`
	$which openssl
	/opt/local/bin/openssl
	$/opt/local/bin/openssl version
	OpenSSL 0.9.8k 25 Mar 2009

Does that mean, that p5-net-ssleay will now use the updated version?  
Maybe I do not get this, and openssl updates just the binary, and has  
nothing to do with the libs.

What I do know, is ASSP needs p5-net-ssleay, there is a suspicion that  
the openssl version I am working against is too old, or too buggy, so  
I need to try to solve that.

I do not know if I just need to update openssl via ports, or if I need  
to remove all related perl modules, and install them again, or if I  
need to remove all of ASSP and install that again as well to get the  
new bits.

Toss in postfix, which also uses openssl as well and I am not sure  
what and where I need to look to update things.  Add to that, ASSP is  
on a different machine than postfix, and I have two places I get to  
answer these questions.  Ugh :)

>> It was simple enough to port update openssl and get a newer version.
>> And if I type `which openssl` I get the new version in the macports
>> area.
>> /opt/local/bin/openssl
>>
>> However, when it comes to apps that use IO::Socket::SSL, which in
>> turn, will call openssl, how can I be sure it is using the correct
>> openssl, not the apple one?
>
> Since it goes through Net::SSLeay to make OpenSSL calls, the best  
> method is
> the one I list above using otool, to see where the binding to  
> OpenSSL is in
> fact linked.

I see where it is linked, and before, openssl version returned
OpenSSL 0.9.7l 28 Sep 2006
So, by seeing "OpenSSL 0.9.8k 25 Mar 2009" in the version that I now  
have installed, and seeing 0.9.8 returned by otool, does that mean  
that when I ran port update openssl those files were updated?  Or,  
does it mean that macports already happened to have the 0.98 versions  
in place, and I just happened to get to use those?

>> There are no patche for IO::Socket::SSL, so it is just being
>> installed, nothing changed in it to point to a specific openssl.
>>
>> Further, p5-event none of the example in IO::Socket::SSL work for me.
>
> I'm not sure what you mean here.

Me neither :) I had something on the clipboard I did not mean to  
have.  I think I meant that, in the IO::Socket::SSL download, there  
are a set of sample files, and running them, none of them work, and  
all barf with errors.

Thanks
-- 
Scott * If you contact me off list replace talklists@ with scott@ *

More information about the macports-dev mailing list