[OpenIndiana-discuss] why is an old version of openssl still active

[Andreas Wacknitz]

Am 27.02.25 um 18:40 schrieb Marc Lobelle via openindiana-discuss:
> Hello
>
> Today I updated openindiana on my server (that I use also as desktop).
>
> I had tried to compile the last version of emailrelay (the one I was
> using was more than 15 years old) and make complains that my openssl
> was too old. this was my main motivation to update openindiana.
>
> After that I verified if openssl was now up to date
>
> ml at spitfire:/home/ml$ pkg list |grep ssl
> library/perl-5/io-socket-ssl-536 2.89-2024.0.0.0            i--
> library/perl-5/io-socket-ssl-538 2.89-2024.0.0.0            i--
> library/perl-5/io-socket-ssl-540 2.89-2024.0.0.0            i--
> library/perl-5/net-ssleay-536 1.94-2024.0.0.2            i--
> library/perl-5/net-ssleay-538 1.94-2024.0.0.2            i--
> library/perl-5/net-ssleay-540 1.94-2024.0.0.2            i--
> library/python/pyopenssl 25.0.0-2025.0.0.0          i--
> library/python/pyopenssl-39 25.0.0-2025.0.0.0          i--
> *library/security/openssl 1.0.2.21-2024.0.0.16       i--
> library/security/openssl-11 1.1.1.23-2025.0.0.5        i--
> library/security/openssl-3 3.4.1-2025.0.0.0           i--
> library/security/openssl-3/32 3.4.1-2025.0.0.0           i--
> library/security/openssl-31 3.1.7-2024.0.0.1           i-r*
>
> The old version (1.0.2) is still there but  the new version (3.4.1) is
> there too
>
> However if I type "openssl version"
>
> I get the answer
>
> ml at spitfire:/home/ml$ openssl version
> OpenSSL 1.0.2u  20 Dec 2019
>
> I understand that the old openssl is still there because at least the
> old emailrelay uses it but how can I replace it with the new one for
> the application that need the new version or for all applications if
> the new version is upward-compatible with the old one ?
>
> Thanks
>
> Best regards
>
> Marc
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
Hi,

You have several choices to fix your problem.
1. Set the openssl mediator to a newer version:
╰─➤  pkg mediator openssl
MEDIATOR            VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
openssl             vendor    1.0     vendor     openssl

╰─➤  pfexec pkg set-mediator -V3 openssl

This has the drawback that installed packages might fail because they
don't find "their" correct openssl version.
Openssl 1.0 is our default because we have some old packages that use
this old version and we haven't been able to update them yet. There are
only a few left and as far as I remember there are simply no versions
for newer openssl version available.

2. Convince your build system to use the correct paths for includes and
libs of the openssl version you want to use. OpenIndiana typically has
installed multiple versions of certain frameworks and applications.
Guess how that might work?

3. Make use of OpenIndiana's build system. This is the way I recommend.
It is a lot more work until you get used to it and understand its ideas
but in my opinion it is worth doing so. Our build system is there to
solve problems like yours.
As an additional outcome you'll get packages out of it and you can also
help to keep OI alive.

Andreas