openssl vs. libressl

Ryan Schmidt ryandesign at macports.org
Tue Nov 10 00:17:06 PST 2015 

On Nov 9, 2015, at 6:10 PM, Jeremy Huddleston Sequoia wrote:

> On Nov 9, 2015, at 13:10, René J.V. Bertin wrote:
> 
>> On Monday November 09 2015 15:05:26 Ryan Schmidt wrote:
>> 
>>> In r139229 Jeremy made libressl a drop-in replacement for openssl. If a rebuild is needed to make things work, then this
>> 
>> Yes, but at least on Linux libressl installs libraries with different numbers (libssl.so.35 vs libssl.so.1.0.0). I haven't yet checked on OS X, but if this is the case there too then Jeremy's modification (using path: style dependencies) is not enough.
> 
> Yes, the dylib identifiers (and filenames) are different.
> 
> This is the same solution we've used elsewhere in MacPorts (eg: ffmpeg-devel).

That's not the same situation. If a user had been using glib2 and then later needed to switch to glib2-devel for some reason, everything should still work. All the ports they've installed based on glib2, or all the ports they might download from the buildbot in the future that were built against glib2, should continue to work with glib2-devel installed. glib2-devel might install a later version of the libraries, but they should be backward compatible. Granted, the user might need to then stay on glib2-devel until the next stable version of glib2 is released, after which time the user could switch back to glib2. Or else the user would need to rev-upgrade.

I don't know how carefully the ffmpeg developers version their software. Maybe they are more likely to introduce new library versions and breaking changes than the developers of glib2, cairo, pango, libpixman, graphviz that I've been using -devel ports for.


>>> What happens if you install a port like curl for example that depends on openssl, and then force-deactivate openssl and install libressl instead? Does curl still work for accessing secure sites or do you get an error?
>> 
>> I haven't tried that yet, I'll see if I have time for it tomorrow. Don't hesitate to beat me to it, though :)
> 
> You'd need to revupgrade rebuild after switching.

That's not especially desired.

More information about the macports-users mailing list