Index: Mk/Uses/bdb.mk =================================================================== --- Mk/Uses/bdb.mk +++ Mk/Uses/bdb.mk @@ -65,6 +65,8 @@ BDB_DEFAULT:=${WITH_BDB_VER} .endif +.include "${PORTSDIR}/Mk/bsd.default-versions.mk" + _BDB_DEFAULT_save:=${BDB_DEFAULT} _DB_PORTS= 48 5 6 @@ -91,11 +93,13 @@ # Override _bdb_ARGS with global BDB_DEFAULT if the maintainer did not # ask for a more specific version. -.if defined(BDB_DEFAULT) -. if ${BDB_DEFAULT} != 1 +. if ${_bdb_ARGS} == yes +. if ${BDB_DEFAULT} != 1 _bdb_ARGS= ${BDB_DEFAULT} +. else +_bdb_ARGS:= 48+ +. endif . endif -.endif # Compatiblity hack: # upgrade older plussed versions to 48+ @@ -106,10 +110,6 @@ . endif .endfor -.if ${_bdb_ARGS} == yes -_bdb_ARGS:= 48+ -.endif - # 1. detect installed versions _INST_BDB_VER= .for bdb in ${_DB_PORTS} Index: Mk/bsd.default-versions.mk =================================================================== --- Mk/bsd.default-versions.mk +++ Mk/bsd.default-versions.mk @@ -61,6 +61,47 @@ PYTHON3_DEFAULT?= 3.4 # Possible values: 2.0, 2.1, 2.2, 2.3 RUBY_DEFAULT?= 2.2 +# Possible values: base, openssl, openssl-devel, libressl, libressl-devel +.if !defined(SSL_DEFAULT) +# If no preference was set, check for an installed base version +# but give an installed port preference over it. +. if defined(WITH_OPENSSL_PORT) +. if defined(OPENSSL_PORT) +SSL_DEFAULT:=${OPENSSL_PORT:T} +WARNING+= "Using WITH_OPENSSL_PORT and OPENSSL_PORT in make.conf is deprecated, replace them with DEFAULT_VERSIONS+=ssl=${SSL_DEFAULT}" +. else +SSL_DEFAULT=openssl +WARNING+= "Using WITH_OPENSSL_PORT in make.conf is deprecated, replace it with DEFAULT_VERSIONS+=ssl=openssl" +. endif +. elif defined(WITH_OPENSSL_BASE) +SSL_DEFAULT=base +WARNING+= "USing WITH_OPENSSL_BASE in make.conf is deprecated, replace it with DEFAULT_VERSIONS+=ssl=base" +. elif !defined(WITH_OPENSSL_BASE) && \ + !defined(WITH_OPENSSL_PORT) && \ + !defined(SSL_DEFAULT) && \ + !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \ + exists(${DESTDIR}/usr/include/openssl/opensslv.h) +SSL_DEFAULT= base +. else +. if exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) +# find installed port and use it for dependency +. if !defined(OPENSSL_INSTALLED) +. if defined(DESTDIR) +PKGARGS= -c ${DESTDIR} +. else +PKGARGS= +. endif +OPENSSL_INSTALLED!= ${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || : +. endif +. if defined(OPENSSL_INSTALLED) && !empty(OPENSSL_INSTALLED) +SSL_DEFAULT:= ${OPENSSL_INSTALLED:T} +WARNING+= "You have ${OPENSSL_INSTALLED} installed but do not have DEFAULT_VERSIONS+=ssl=${SSL_DEFAULT} set" +. endif +. endif +. endif +# Make sure we have a default in the end +SSL_DEFAULT?= base +.endif # Possible values: 8.4, 8.5, 8.6 TCLTK_DEFAULT?= 8.6 Index: Mk/bsd.openssl.mk =================================================================== --- Mk/bsd.openssl.mk +++ Mk/bsd.openssl.mk @@ -31,16 +31,9 @@ OpenSSL_Include_MAINTAINER= dinoex@FreeBSD.org -# If no preference was set, check for an installed base version -# but give an installed port preference over it. -.if !defined(WITH_OPENSSL_BASE) && \ - !defined(WITH_OPENSSL_PORT) && \ - !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \ - exists(${DESTDIR}/usr/include/openssl/opensslv.h) -WITH_OPENSSL_BASE=yes -.endif +.include "${PORTSDIR}/Mk/bsd.default-versions.mk" -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base OPENSSLBASE= /usr OPENSSLDIR?= /etc/ssl @@ -59,7 +52,7 @@ @${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD" @${ECHO_CMD} "base system. You can't build against it, while a newer" @${ECHO_CMD} "version is installed by a port." - @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE." + @${ECHO_CMD} "Please deinstall the port, remove DEFAULT_VERSIONS=ssl=base or undefine WITH_OPENSSL_BASE." @${FALSE} . endif @@ -81,39 +74,18 @@ MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" . endif -.else # !defined(WITH_OPENSSL_BASE) +.else # ${SSL_DEFAULT} != base OPENSSLBASE= ${LOCALBASE} -. if !defined(OPENSSL_PORT) && \ - exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) -# find installed port and use it for dependency -. if !defined(OPENSSL_INSTALLED) -. if defined(DESTDIR) -PKGARGS= -c ${DESTDIR} -. else -PKGARGS= -. endif -OPENSSL_INSTALLED!= ${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || : -. endif -. if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" -OPENSSL_PORT= ${OPENSSL_INSTALLED} -OPENSSL_SHLIBFILE!= ${PKG_INFO} -ql ${OPENSSL_INSTALLED} | ${GREP} "^`${PKG_QUERY} "%p" ${OPENSSL_INSTALLED}`/lib/libcrypto.so.[0-9]*$$" -OPENSSL_SHLIBVER?= ${OPENSSL_SHLIBFILE:E} -. endif -. endif -# LibreSSL and OpenSSL-BETA specific SHLIBVER -. if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl -OPENSSL_SHLIBVER?= 37 -. elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel -OPENSSL_SHLIBVER?= 38 -. elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/openssl-devel -OPENSSL_SHLIBVER?= 9 -. endif +OPENSSL_PORT= security/${SSL_DEFAULT} + +# Get OPENSSL_SHLIBVER from the port +.sinclude <${PORTSDIR}/${OPENSSL_PORT}/version.mk> -# default -OPENSSL_PORT?= security/openssl -OPENSSL_SHLIBVER?= 8 +. if !defined(OPENSSL_SHLIBVER) +.error You are using an unsupported SSL provider ${SSL_DEFAULT} +. endif OPENSSLDIR?= ${OPENSSLBASE}/openssl BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} Index: databases/mysql57-server/Makefile =================================================================== --- databases/mysql57-server/Makefile +++ databases/mysql57-server/Makefile @@ -129,7 +129,7 @@ PERFSCHM_SUB_LIST_OFF+= PERFSCHEMRC="--skip-performance-schema" .endif -.include +.include ### Just for the sake of FreeBSD 9.X ### .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 @@ -137,10 +137,13 @@ EXTRA_PATCHES+= ${PATCHDIR}/rapid_plugin-patch-_x_mysqlxtest__src_mysqlxtest.cc .endif WITH_OPENSSL_PORT= yes +.endif + +.include ### FreeBSD Version > 9.X ### -.else -.if defined(WITH_OPENSSL_BASE) +.if ! ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 +.if ${SSL_DEFAULT} == base CMAKE_ARGS+= -DWITH_SSL=system .else CMAKE_ARGS+= -DWITH_SSL=${OPENSSLBASE} Index: devel/libgit2/Makefile =================================================================== --- devel/libgit2/Makefile +++ devel/libgit2/Makefile @@ -40,7 +40,7 @@ post-patch: @${REINPLACE_CMD} -e "s|/pkgconfig|/../libdata/pkgconfig|; \ /LIBGIT2_PC_REQUIRES.*zlib/ d" ${WRKSRC}/CMakeLists.txt -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base @${REINPLACE_CMD} -e "/LIBGIT2_PC_REQUIRES.*openssl/ d" \ ${WRKSRC}/CMakeLists.txt .endif Index: devel/libopkele/Makefile =================================================================== --- devel/libopkele/Makefile +++ devel/libopkele/Makefile @@ -41,7 +41,7 @@ post-patch: @ ${REINPLACE_CMD} -e "s|pkgconfigdir =.*|pkgconfigdir = ${PREFIX}/libdata/pkgconfig|g" \ ${WRKSRC}/Makefile.in -.if !defined(WITH_OPENSSL_PORT) +.if ${SSL_DEFAULT} == base @ ${REINPLACE_CMD} -e "s|Requires: openssl|Requires:|" ${WRKSRC}/libopkele.pc.in .endif Index: devel/thrift-cpp/Makefile =================================================================== --- devel/thrift-cpp/Makefile +++ devel/thrift-cpp/Makefile @@ -47,7 +47,7 @@ .include -.if !defined(WITH_OPENSSL_PORT) && \ +.if ${SSL_DEFAULT} == base && \ ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015 # src/thrift/transport/TSSLSocket.cpp:147: error: 'TLSv1_1_method' was not declared in this scope # src/thrift/transport/TSSLSocket.cpp:149: error: 'TLSv1_2_method' was not declared in this scope Index: dns/bind9-devel/Makefile =================================================================== --- dns/bind9-devel/Makefile +++ dns/bind9-devel/Makefile @@ -207,7 +207,7 @@ .include -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. Index: dns/bind910/Makefile =================================================================== --- dns/bind910/Makefile +++ dns/bind910/Makefile @@ -232,7 +232,7 @@ .include -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. Index: dns/bind99/Makefile =================================================================== --- dns/bind99/Makefile +++ dns/bind99/Makefile @@ -191,7 +191,7 @@ .include -.if ( ${PORT_OPTIONS:MGOST} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. Index: emulators/virtualbox-ose/Makefile =================================================================== --- emulators/virtualbox-ose/Makefile +++ emulators/virtualbox-ose/Makefile @@ -209,7 +209,7 @@ ${PATCHDIR}/extrapatch-src-recompiler-Makefile.kmk .endif -.if !defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} != base CONFIGURE_ARGS+= --with-openssl-dir="${OPENSSLBASE}" .endif Index: ftp/curl/Makefile =================================================================== --- ftp/curl/Makefile +++ ftp/curl/Makefile @@ -32,7 +32,10 @@ TLS_SRP_DESC= TLS-SRP (Secure Remote Password) support LOCALBASE?= /usr/local -.if defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so)) + +.include <${PORTSDIR}/Mk/bsd.default-versions.mk> + +.if ${SSL_DEFAULT} != base OPTIONS_DEFAULT+= GSSAPI_NONE .else OPTIONS_DEFAULT+= GSSAPI_BASE @@ -148,11 +151,11 @@ IGNORE= only supports LDAPS with SSL .endif -.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} && (defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so))) +.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} && ${SSL_DEFAULT} != base IGNORE= GSSAPI_BASE is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system .endif -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == "security/libressl" +.if ${SSL_DEFAULT} == libressl .if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} IGNORE= GSSAPI_BASE is not compatible with LibreSSL. Use other GSSAPI options .endif Index: mail/deforaos-mailer/Makefile =================================================================== --- mail/deforaos-mailer/Makefile +++ mail/deforaos-mailer/Makefile @@ -36,7 +36,7 @@ .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base # openssl from base doesn't install a .pc file and pkg-config didn't like it CONFIGURE_ENV+= libssl_CFLAGS="-I${OPENSSLINC}" libssl_LIBS="-L${OPENSSLLIB} -lssl" .endif Index: mail/dk-milter/Makefile =================================================================== --- mail/dk-milter/Makefile +++ mail/dk-milter/Makefile @@ -85,7 +85,7 @@ SITE_SUB+= -e '/-DPOPAUTH/s/^dnl //g' .endif -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base SITE_SUB+= -e 's|%%OPENSSL%%|dnl |g' .else SITE_SUB+= -e 's|%%OPENSSL%%||g' \ Index: mail/sendmail/Makefile =================================================================== --- mail/sendmail/Makefile +++ mail/sendmail/Makefile @@ -310,7 +310,7 @@ .include .if ${PORT_OPTIONS:MTLS} -.if !defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} != base SITE+= ${FILESDIR}/site.config.m4.ssl .endif SITE+= ${FILESDIR}/site.config.m4.tls Index: net-im/telepathy-gabble/Makefile =================================================================== --- net-im/telepathy-gabble/Makefile +++ net-im/telepathy-gabble/Makefile @@ -33,7 +33,9 @@ PLIST_SUB= PVERSION=${PORTVERSION} -.if defined(WITH_OPENSSL_BASE) +.include + +.if ${SSL_DEFAULT} == base CONFIGURE_ENV+= OPENSSL_LIBS="-L/usr/lib -ssl -crypto" OPENSSL_CFLAGS="-I/usr/include" .endif @@ -41,4 +43,4 @@ @${REINPLACE_CMD} -e 's|-Werror||g' \ ${WRKSRC}/lib/ext/wocky/configure -.include +.include Index: net-im/telepathy-idle/Makefile =================================================================== --- net-im/telepathy-idle/Makefile +++ net-im/telepathy-idle/Makefile @@ -23,7 +23,7 @@ .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base CONFIGURE_ENV+= OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" OPENSSL_CFLAGS="-I/usr/include" .endif Index: net-mgmt/net-snmp/Makefile =================================================================== --- net-mgmt/net-snmp/Makefile +++ net-mgmt/net-snmp/Makefile @@ -215,7 +215,7 @@ .include -.if defined(WITH_OPENSSL_PORT) || defined(OPENSSL_PORT) +.if ${SSL_DEFAULT} != base LCRYPTO= -lcrypto .else LCRYPTO= Index: net-mgmt/zabbix3-server/Makefile =================================================================== --- net-mgmt/zabbix3-server/Makefile +++ net-mgmt/zabbix3-server/Makefile @@ -150,9 +150,9 @@ POLARSSL_CONFIGURE_WITH=mbedtls POLARSSL_LIB_DEPENDS= libmbedtls.so:security/polarssl13 -.include +.include -.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 && !defined(WITH_OPENSSL_PORT) +.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 && ${SSL_DEFAULT} == base IGNORE= OpenSSL from the base system is too old, add WITH_OPENSSL_PORT to your /etc/make.conf and rebuild everything that needs SSL. .endif @@ -192,6 +192,8 @@ ${COPYTREE_SHARE} "ibm_db2 mysql oracle postgresql sqlite3" \ ${STAGEDIR}${DATADIR}/${ZABBIX_BUILD:Q}/database/) .endif +.else # frontend +.include .endif -.include +.include Index: net/hostapd/Makefile =================================================================== --- net/hostapd/Makefile +++ net/hostapd/Makefile @@ -24,16 +24,16 @@ PORTS_SSL_DESC= Build with OpenSSL from ports (instead of base system) -.include +.include .if ${PORT_OPTIONS:MPORTS_SSL} -.if !defined(WITH_OPENSSL_PORT) -IGNORE= the PORTS_SSL option not allowed when WITH_OPENSSL_PORT is not set +.if ${SSL_DEFAULT} == base +IGNORE= the PORTS_SSL option not allowed when using SSL from base .endif CONFIGURE_ARGS+= --with-ssl-dir=${PREFIX} .else -.if defined(WITH_OPENSSL_PORT) -IGNORE= the PORTS_SSL option is required when WITH_OPENSSL_PORT is set +.if ${SSL_DEFAULT} != base +IGNORE= the PORTS_SSL option is required when using SSL from ports .endif .endif @@ -52,4 +52,4 @@ ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \ ${STAGEDIR}${MANPREFIX}/man/man8 -.include +.include Index: net/openldap24-server/Makefile =================================================================== --- net/openldap24-server/Makefile +++ net/openldap24-server/Makefile @@ -189,14 +189,6 @@ # XXX FreeBSD does not implement O_DSYNC and fdatasync at this time. CFLAGS+= -DMDB_DSYNC=O_SYNC -Dfdatasync=fsync -.if !${PORT_OPTIONS:MFETCH} -CONFIGURE_ARGS+= --without-fetch -.else -. if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" || defined(WITH_OPENSSL_PORT) -BROKEN= using OpenSSL from ports and OPTION FETCH together is not supported -. endif -.endif - .if ${PORT_OPTIONS:MSASL} LIB_DEPENDS+= libsasl2.so:security/cyrus-sasl2 CONFIGURE_ARGS+= --with-cyrus-sasl @@ -512,6 +504,16 @@ PLIST_SUB+= SHLIB_MINOR=${OPENLDAP_SHLIB_MINOR} PLIST_SUB+= OPENLDAP_MAJOR=${OPENLDAP_MAJOR} +.include + +.if !${PORT_OPTIONS:MFETCH} +CONFIGURE_ARGS+= --without-fetch +.else +. if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" || ${SSL_DEFAULT} != base +BROKEN= using OpenSSL from ports and OPTION FETCH together is not supported +. endif +.endif + post-patch: @${REINPLACE_CMD} -e 's|%LOCALSTATEDIR%/run/|${LDAP_RUN_DIR}/|g' \ ${SED_MODULES} ${WRKSRC}/servers/slapd/slapd.conf @@ -588,4 +590,4 @@ .endif .endif # defined(CLIENT_ONLY) -.include +.include Index: net/socat/Makefile =================================================================== --- net/socat/Makefile +++ net/socat/Makefile @@ -29,7 +29,7 @@ .include -.if defined(WITH_OPENSSL_PORT) +.if ${SSL_DEFAULT} != base CFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib .endif Index: net/tigervnc/Makefile =================================================================== --- net/tigervnc/Makefile +++ net/tigervnc/Makefile @@ -110,7 +110,7 @@ TIGERVNC_XORG_PATCH_VER= 117 # import from x11-server/xorg-server/Makefile -.ifdef WITH_OPENSSL_BASE +.if ${SSL_DEFAULT} == base # The reason why I use this is cause openssl from base doesn't # install a .pc file and configure will fail trying to find it. # Setting both of those variables to a *non-empty* value by-passes Index: security/R-cran-openssl/Makefile =================================================================== --- security/R-cran-openssl/Makefile +++ security/R-cran-openssl/Makefile @@ -13,7 +13,7 @@ USES= cran:auto-plist -.include +.include .if ${OSVERSION} < 1000015 WITH_OPENSSL_PORT= yes @@ -21,4 +21,4 @@ .include "${PORTSDIR}/Mk/bsd.openssl.mk" .endif -.include +.include Index: security/bro/Makefile =================================================================== --- security/bro/Makefile +++ security/bro/Makefile @@ -137,8 +137,8 @@ BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so:security/openssl RUN_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so:security/openssl .else -.if defined(WITH_OPENSSL_PORT) -IGNORE= the SSL option is requred when WITH_OPENSSL_PORT is enabled +.if ${SSL_DEFAULT} != base +IGNORE= the SSL option is requred when using SSL from ports .endif .endif Index: security/libressl-devel/version.mk =================================================================== --- /dev/null +++ security/libressl-devel/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 38 Index: security/libressl/version.mk =================================================================== --- /dev/null +++ security/libressl/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 37 Index: security/libssh2/Makefile =================================================================== --- security/libssh2/Makefile +++ security/libssh2/Makefile @@ -43,7 +43,7 @@ post-patch: @${REINPLACE_CMD} -e '/Libs:/s/@LDFLAGS@//' -e '/Libs:/s/@LIBS@//' \ ${WRKSRC}/libssh2.pc.in -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base @${REINPLACE_CMD} -e 's/LIBSREQUIRED=libssl,libcrypto/LIBS="$$LIBS -lssl -lcrypto"/' \ ${WRKSRC}/configure .endif Index: security/openssl-devel/version.mk =================================================================== --- /dev/null +++ security/openssl-devel/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 9 Index: security/openssl/version.mk =================================================================== --- /dev/null +++ security/openssl/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 8 Index: security/p5-openxpki/Makefile =================================================================== --- security/p5-openxpki/Makefile +++ security/p5-openxpki/Makefile @@ -114,7 +114,7 @@ .include -.if defined(WITH_OPENSSL_PORT) && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.if ${SSL_DEFAULT} == libressl IGNORE= this version of OpenXPKI is not fully functional with LibreSSL library, use OpenSSL instead .endif Index: security/py-m2crypto/Makefile =================================================================== --- security/py-m2crypto/Makefile +++ security/py-m2crypto/Makefile @@ -27,7 +27,7 @@ .include -.if ${OSVERSION} < 1000000 && !defined(WITH_OPENSSL_PORT) +.if ${OSVERSION} < 1000000 && ${SSL_DEFAULT} == base IGNORE= py-m2crypto requires OpenSSL 1.0.1e+ .endif Index: security/softhsm2/Makefile =================================================================== --- security/softhsm2/Makefile +++ security/softhsm2/Makefile @@ -38,8 +38,10 @@ CRYP_OPEN_VARS= WITH_OPENSSL_PORT=yes CRYP_OPEN_CONFIGURE_ON= --with-crypto-backend=openssl -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.include + +.if ${SSL_DEFAULT} == libressl CONFIGURE_ARGS+= --disable-gost .endif -.include +.include Index: security/stunnel/Makefile =================================================================== --- security/stunnel/Makefile +++ security/stunnel/Makefile @@ -74,11 +74,13 @@ LDFLAGS+= -lpthread .endif -.if ${PORT_OPTIONS:MFIPS} && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.include + +.if ${PORT_OPTIONS:MFIPS} && ${SSL_DEFAULT} == libressl IGNORE= LibreSSL does not support FIPS standard .endif -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.if ${SSL_DEFAULT} == libressl NO_PACKAGE= The stunnel license restricts distribution when linked to non-OpenSSL non-base SSL-libraries .endif @@ -115,4 +117,4 @@ @${ECHO} "" @(cd ${WRKSRC}/tools/; make install-data-local) -.include +.include Index: www/libmicrohttpd/Makefile =================================================================== --- www/libmicrohttpd/Makefile +++ www/libmicrohttpd/Makefile @@ -41,7 +41,7 @@ .include -.if !(defined(WITH_OPENSSL_BASE) && ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015) +.if !(${SSL_DEFAULT} == base && ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015) PLIST_FILES+= include/microspdy.h \ lib/libmicrospdy.a \ lib/libmicrospdy.so \ Index: www/spdylay/Makefile =================================================================== --- www/spdylay/Makefile +++ www/spdylay/Makefile @@ -37,7 +37,7 @@ .include -.if ${OSVERSION} < 1000000 && !defined(WITH_OPENSSL_PORT) +.if ${OSVERSION} < 1000000 && ${SSL_DEFAULT} == base IGNORE= spdylay requires OpenSSL 1.0.1+ .endif Index: x11-servers/xorg-server/Makefile =================================================================== --- x11-servers/xorg-server/Makefile +++ x11-servers/xorg-server/Makefile @@ -64,7 +64,7 @@ .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base # The reason why I use this is cause openssl from base doesn't install a .pc file # and configure will fail trying to find it. Setting both of those variables to # a *non-empty* value by-passes the pkg-config check.