LibreSSL and OpenSSL and *SSL

Jan Stary hans at stare.cz
Thu Feb 22 12:16:04 UTC 2018


On Feb 21 21:21:21, hans at stare.cz wrote:
> While it's true that the two version are not completely compatible,
> in e.g. the opusfile port that started this, the incompatibilty
> is completely artificial.
> 
> Opus is an audio codec - why does it need to link with -lssl?
> It wants to play remote audio files, and for that it might need
> to make a secure connection. That's a very basic thing which should
> not depend on this or that version of this or that implementation.
> 
> The noncompatibility is tests for OPENSSL_VERSION_NUMBER<0x10002000L etc
> that already assume that OPENSSL is the only implementation. The patch
> is trivial: add defined(LIBRESSL_VERSION_NUMBER) in 11 places.
> 
> Obviously, I have not studied all the ports that depend on OpenSSL now,
> and I don't doubt that many of them depend on *SSL in a nontrvial way.
> But I would be willing to bet that in a lot of cases, the noncompatibilty
> between versions is similarly artificial: upstream simply did not take
> LibreSSL into consideration (yet).

Example: www/lynx

The latest release (which is the release in MP) is 2.8.8.
It was released in February 2014, before LibreSSL existed.

Does it "support" LibreSSL? Yes it does: with LibreSSL installed
and with "depends_lib-append path:lib/libssl.dylib:openssl" it will
compile against the installed LibreSSL, and works just fine.

/opt/local/bin/lynx:
	/opt/local/lib/libidn.11.dylib 
	/opt/local/lib/libncurses.6.dylib
	/opt/local/lib/libssl.43.dylib
	/opt/local/lib/libcrypto.41.dylib
	/usr/lib/libSystem.B.dylib
	/opt/local/lib/libintl.8.dylib
	/opt/local/lib/libiconv.2.dylib

Now, this is a web browser. How much more involved can SSL usage get?
Yet it just works. I mean this as an example of showing that the
OpenSSL/LibreSSL "conflict" is largely avoidable.

	Jan



More information about the macports-dev mailing list