This port includes additional patches from Chelsio intended to be used
in conjunction with Chelsio NICs supporting offload of TCP TLS connections.
This port installs OpenSSL libraries which should be binary compatible
with base system libraries.
Details
- Reviewers
brnrd
- need to do more testing, have only verified it builds and generates the correct package contents (libraries in right place) so far
Diff Detail
- Repository
- rP FreeBSD ports repository
- Lint
No Lint Coverage
- Unit
No Test Coverage
- Build Status
Buildable 15465
Build 15509: arc lint + arc unit
Event Timeline
- Update to newer Chelsio patch that only modifies libssl. As a result, stop installing libcrypto and engines. No need to create libssl.so symlink either as this is not intended as a compile target, just a runtime override.
- Remove pkg-message.in since we aren't shipping a sample config file.
- Since this package is meant to override the base system libssl.so.8 (at least currently), read config files from /etc/ssl.
There's little difference against the regular port. Biggest diff is the pkg-plist.
I can see reasons for keeping it separate, e.g. to decouple version updates, but this port could also be a slave port of security/openssl if that were modified to have a dynamic library path.
EXTRA_PATCHES=${CURDIR}/files/extra-patch-chssl # Force SHARED opt
Got to get a CURRENT system up to see if I can build this...
security/openssl-chelsio/Makefile | ||
---|---|---|
6 | Appears before DIST_SUBDIR but after MASTER_SITES | |
18 | Doesn't conflict with any of these ports at the moment... | |
101 | Will remove this from the regular port. Relics from the past | |
105 | Port, so belongs in ${PREFIX}/etc | |
109 | Should also mention that this is in 12.x (-STABLE) at the moment? | |
136 | Can't this just be a regular patch? That would require patching the extra-patch-chssl file... | |
150 | Shouldn't this go into ${PREFIX}/openssl-chelsio/libdata ? | |
157 | Does this use standard libcrypto from base or the port? | |
security/openssl-chelsio/pkg-plist | ||
---|---|---|
2 | Doesn't need its own set of include files? #include "ssl_tom.h" or are these private headers. |
Note that the src change that adds the needed t4_tls.h header is still in review (D14529), so this port won't build on stock head yet until that is committed.
(Also, this is just a first attempt at a port, it might be we want to do this differently)
security/openssl-chelsio/Makefile | ||
---|---|---|
105 | I had done this on purpose to try to be a transparent plugin for the base OpenSSL, but I guess it's fine to do. I should probably install a sample config file as well in that case. | |
136 | I did it this way so I could easily generate it from the patches I currently have (which are against the base OpenSSL in FreeBSD and a FreeBSD tree rather than against an OpenSSL tree). I could change it though. | |
150 | Hmm, this matches what openssl-unsafe does, but I'm not sure if we want pkgconfig data for this package anyway since it's only intended to be used as an alternate runtime library? | |
157 | From base, but I could change it back to shipping a libcrypto.so. |
security/openssl-chelsio/pkg-plist | ||
---|---|---|
2 | That is a private header. |
- Fix various review feedback comments.
- Re-add libcrypto.so and engine shared objects.
Looking OK apart from the last inline comment
security/openssl-chelsio/Makefile | ||
---|---|---|
98 | Still overwrites base? |
- Updated chssl patch to fix a seg fault when aesni is enabled.
- Fix OPENSSLDIR to not include etc.
- Install sample config file like the normal openssl port.
Sorry for the long delay in replying. Forgot to mention that I also fixed it to use SRC_BASE.
I haven't tried yet to move to 1.0.2o.
security/openssl-chelsio/Makefile | ||
---|---|---|
98 | It does not overwrite base, and it no longer tries to use config files from base. Given that, I've installed a sample config file like the normal port in ${PREFIX}/openssl-chelsio/ |
@brnrd I've rebased this patchset to be relative to OpenSSL 1.1.1 rather than 1.0.2. It is now much closer to the 1.1.1 port. It installs into a dedicated directory so it does not conflict with other openssl ports. It matches the 12.x base shared library version so that it could be used with LD_LIBRARY_PATH, but in theory a user could also use libmap to use it with ports built against the openssl111 port. It generally borrows all of the patches other than the extra chelsio patch from the openssl111 port. I didn't make this a slave port b/c I didn't want it to be a drag on updating the main openssl port in case the patches didn't apply out-of-the-box to newer versions, etc.
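An added example (not part of the review or the port): a POSIX sh check, fed `ldd` output, that reports whether a binary's libssl and libcrypto both resolve to base, both to the override directory, or to a mix of the two, the case raised in the inline comments about libcrypto. The directory `/usr/local/openssl-chelsio/lib`, the function names and the sample `ldd` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a binary's libssl and libcrypto resolve.
# OVERRIDE_DIR is an assumed install location, not taken from the port.
OVERRIDE_DIR="${OVERRIDE_DIR:-/usr/local/openssl-chelsio/lib}"

# stdin: ldd output. stdout: "<library> <origin> <path>" for each TLS
# library, where origin is base, override or other.
classify_tls_libs() {
    awk -v dir="$OVERRIDE_DIR" '
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            path = $3
            if (index(path, dir "/") == 1)       origin = "override"
            else if (path ~ /^\/(usr\/)?lib\//)  origin = "base"
            else                                 origin = "other"
            print $1, origin, path
        }'
}

# stdin: ldd output. stdout: one word.
#   base / override  both libraries come from the same place
#   mixed            libssl and libcrypto come from different places
#   other            a library resolves outside base and OVERRIDE_DIR
#   missing          libssl or libcrypto is not listed at all
tls_lib_verdict() {
    classify_tls_libs | awk '
        $1 ~ /^libssl/    { ssl = $2 }
        $1 ~ /^libcrypto/ { crypto = $2 }
        END {
            if (ssl == "" || crypto == "")                 print "missing"
            else if (ssl == "other" || crypto == "other")  print "other"
            else if (ssl == crypto)                        print ssl
            else                                           print "mixed"
        }'
}

# Constructed sample, not captured from a real system: libssl from the
# override directory, libcrypto still from base.
SAMPLE_MIXED='/usr/local/sbin/exampled:
    libssl.so.111 => /usr/local/openssl-chelsio/lib/libssl.so.111 (0x800200000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x800400000)
    libc.so.7 => /lib/libc.so.7 (0x800800000)'

printf '%s\n' "$SAMPLE_MIXED" | tls_lib_verdict   # prints: mixed
```

On a real host, pipe `ldd /path/to/binary` into `tls_lib_verdict` under the same environment the service runs with, since `LD_LIBRARY_PATH` changes what `ldd` reports.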