I updated to 1.9.2 and noticed unbound was linked to OpenSSL 1.0.2q:
unbound -h
Version 1.9.2
linked libs: libevent 2.1.8-stable (it uses kqueue), OpenSSL 1.0.2q 20 Nov 2018
linked modules: dns64 respip validator iterator
Doing a version check for OpenSSL
openssl version
OpenSSL 1.1.1a-freebsd 20 Nov 2018
So I did a new .config
./configure --with-libevent --without-pthreads --without-solaris-threads --with-ssl=/usr/local/openssl-1.1.1
But make encountered this error.
/usr/bin/ld: warning: libcrypto.so.111, needed by /usr/local/lib/libevent.so, may conflict with libcrypto.so.9
/usr/bin/ld: undefined reference to symbol `DSA_set0_key@@OPENSSL_1_1_0' (try adding -lcrypto)
//lib/libcrypto.so.111: could not read symbols: Bad value
*** Error code 1
Im sure im doing something really stupid wrong, but, I don't know what it is and have wacked away at this for hours..
The below issue occurs because of conflicts with libevent..
Removing --with-libevent produces all sorts of different errors.
I would think I could point to a Openssl and make this work. I cannot.
Seems simple enough, download 1.9.2, go get OpenSSL 1.1.1c, config/make it. Then go config make Unbound with --with-ssl= pointing to the OpenSSL.. But this fails..
Ive spent hours on this and tried all the OpenSSL versions. I feel mighty stupid as this should work...
Please give me a hint on what to go do.
I can pkg install 1.9.2 and this is fine and shows openssl lib 1.1.1, but, I want --without-pthreads --without-solaris-threads and so, I need to compile.
one thing to note is that the ports tree uses the OpenSSL from base for building via the $OPENSSLBASE envvar, so it may be worth pointing config at that location. here's how that's setup in the ports tree I believe:
> Sorry for a stupid question.
>
> FreeBSD 12.0-RELEASE-p7
>
> I updated to 1.9.2 and noticed unbound was linked to OpenSSL 1.0.2q:
>
> unbound -h
>
> Version 1.9.2
> linked libs: libevent 2.1.8-stable (it uses kqueue), OpenSSL 1.0.2q 20
> Nov 2018
> linked modules: dns64 respip validator iterator
Note that it is dynamic linked so this depends on the OS version.
Using a package is probably the easiest solution.
>
> Doing a version check for OpenSSL
>
> openssl version
>
> OpenSSL 1.1.1a-freebsd 20 Nov 2018
>
> So I did a new .config
> ./configure --with-libevent --without-pthreads --without-solaris-threads
> --with-ssl=/usr/local/openssl-1.1.1
>
> But make encountered this error.
>
Alternatively, you could use the port system to build it yourself, that
will take care of the dependencies.
OpenSSL is quite a hurdle if you want to build stuff from scratch
because there are three flavors on FreeBSD. The one in the base
system. and two versions in the ports three. Since they all install
libraries in the same place so you have to change it for every
application. That is done in /etc/make.conf as in
DEFAULT_VERSIONS+=ssl=openssl
for the old version (now 1.0.2s) or
DEFAULT_VERSIONS+=ssl=openssl111
for the latest version (now 1.1.1c)
The base version has, as far as I know, OpenSSL 1.0.2s 28 May 2019.
> The below issue occurs because of conflicts with libevent..
>
> Removing --with-libevent produces all sorts of different errors.
>
> I would think I could point to a Openssl and make this work. I cannot.
>
> Seems simple enough, download 1.9.2, go get OpenSSL 1.1.1c, config/make
> it. Then go config make Unbound with --with-ssl= pointing to the
> OpenSSL.. But this fails..
>
> Ive spent hours on this and tried all the OpenSSL versions. I feel
> mighty stupid as this should work...
>
> Please give me a hint on what to go do.
>
> I can pkg install 1.9.2 and this is fine and shows openssl lib 1.1.1,
> but, I want --without-pthreads --without-solaris-threads and so, I need
> to compile.
So adapt the /etc/make.conf to pick your favorite openssl and then change the ../dns/unbound/Makefile to your liking.
Run "make config" in ../dns/unbound and disable the default options
LIBEVENT and THREADS. Then make && make install as usual.
Alternatively, you could use the port system to build it yourself, that
will take care of the dependencies.
OpenSSL is quite a hurdle if you want to build stuff from scratch
because there are three flavors on FreeBSD. The one in the base
system. and two versions in the ports three. Since they all install
libraries in the same place so you have to change it for every
application. That is done in /etc/make.conf as in
minor nit here, the ports versions of openssl will be installed under /usr/local whereas the base openssl is installed under /usr/.
The base version has, as far as I know, OpenSSL 1.0.2s 28 May 2019.
this is true for 12.0-RELEASE, the upcoming 12.1-RELEASE (as well as 12-STABLE) are currently at v1.1.1c.