pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

RE: Will OpenSSL 1.1l be back ported to 2021Q2?

Actually it is not. It's 1.0.2k in order to maintain support for FIPS compliance, but RH backports important security fixes.

Here's the mk.conf snippet to force linking to RH 1.0.2k

# required to build against RHEL FIPS OpenSSL
PREFER_NATIVE=          openssl curl zlib
USE_BUILTIN.openssl=    yes
PREFER.openssl=         native
USE_BUILTIN.zlib=       yes
USE_BUILTIN.ncurses=    yes
PREFER.zlib=            native

Works for everything I've built so far (curl, git-base, python, pgsql, perl/p5 ssl modules, nginx)

Any statements are solely my own opinion and do not represent Pratt & Whitney or Raytheon Technologies.

> -----Original Message-----
> From: [mailto:pkgsrc-users-
>] On Behalf Of Morgan, Iain (ARC-TN)[InuTeq, LLC]
> Sent: Thursday, September 2, 2021 2:04 PM
> To: Greg Troxel <>
> Cc:
> Subject: [External] Re: Will OpenSSL 1.1l be back ported to 2021Q2?
> Unfortunately, RHEL 7 uses OpenSSL 1.0.2k, which I expect is too old for
> pkgsrc.
> I tried your suggestion and did a bmake replace last night after pulling in
> security/openssl from HEAD. That worked fine and I tested several packages
> (curl, wget, git, python3.9) without any issues. I plan to do further testing
> today.
> --
> Iain
> On 9/2/21, 05:17, "Greg Troxel" <> wrote:
>     "Morgan, Iain (ARC-TN)[InuTeq, LLC]" <> writes:
>     > Oh, I forgot to answer your question. I'm doing a source build for RHEL 7.
>     I asked because on NetBSD pkgsrc openssl is not used.
>     I would think on RHEL it would not be used if the base system is up to
>     date.  But I don't use Linux.

Home | Main Index | Thread Index | Old Index