Am 21.03.2015 um 00:13 schrieb Wietse Venema: > Viktor Dukhovni: >> I am curious what: >> >> ldd /usr/local/lib/libssl.so.8 >> >> reports and whether there are headers and or shared objects for >> libz in ports? > > In a FreeBSD 10.1 testvm: > > # ldd -a /usr/local/lib/libssl.so.8 > /usr/local/lib/libssl.so.8: > libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x801668000) > libthr.so.3 => /lib/libthr.so.3 (0x801a6c000) > libc.so.7 => /lib/libc.so.7 (0x80081f000) > /usr/local/lib/libcrypto.so.8: > libthr.so.3 => /lib/libthr.so.3 (0x801a6c000) > libc.so.7 => /lib/libc.so.7 (0x80081f000) > /lib/libthr.so.3: > libc.so.7 => /lib/libc.so.7 (0x80081f000) > > Fascinating: no libz dependency. See below for build options. > > # uname -a > FreeBSD freebsd101.porcupine.org 10.1-RELEASE FreeBSD 10.1-RELEASE #0 > r274401: Tue Nov 11 21:02:49 UTC 2014 > r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 > > # grep OPENSSL_VERSION_NUMBER /usr/local/include/openssl/opensslv.h > #define OPENSSL_VERSION_NUMBER 0x100010afL > > This is OpenSSL 1.0.1j built from ports with default options: > > | |+[x] SHARED build of shared libs | | > | |+[x] THREADS Threading support | | > | |+[ ] I386 Optimize for i386 (instead of i486+) | | > | |+[x] SSE2 runtime SSE2 detection | | > | |+[x] ASM optimized Assembler code | | > | |+[ ] PADLOCK VIA Padlock support | | > | |+[x] ZLIB zlib compression support | | > | |+[x] SCTP SCTP protocol support | | > | |+[x] SSL2 SSLv2 protocol support | | > | |+[x] SSL3 SSLv3 protocol support | | > ... > > I don't zlib or libz in ports.
These were removed from ports c. three years ago. libz (zlib) is only in FreeBSD's base system (/lib/libz.so.6, as of 10.1), if there are remnants of it under /usr/local, then users should check for stale ports, or unregistered leftovers and should purge them. Note that the FreeBSD base system's OpenSSL does not dynamically link against libz.so either. > I don't know how zlib is linked in, but it is relatively easy to > disable. One may have to rm -rf /var/db/ports/security_openssl to > reset previously-cached build options. "make rmconfig -C /usr/ports/security/openssl"
