Keep OpenSSL updated on FreeBSD

With the base install of FreeBSD you get a copy of OpenSSL installed in /usr/bin/openssl; however, it is not a registered package. This makes upgrading OpenSSL a little different: you must first install the OpenSSL port and then tell your make.conf to use the port install when using OpenSSL libraries. Once this is done, you can keep OpenSSL up to date just as you would any other port.

First, make sure your ports tree is up to date:

# portsnap fetch update

Then add the following line to /etc/make.conf:

WITH_OPENSSL_PORT=yes

Now install the OpenSSL port from /usr/ports/security/openssl, or, if you prefer portupgrade:

# portupgrade -N security/openssl

And that’s about it. Because of the additional line in make.conf, any port built with OpenSSL will use the port (latest) version. You may need to recompile other packages that use OpenSSL; in that case this command could help:

# portupgrade -Rrf security/openssl
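
A quick check that a host's make.conf actually carries the setting described above, written as an added example rather than code from the original post. It also recognizes the DEFAULT_VERSIONS+=ssl=openssl form mentioned in the comments below; the function name and sample files are constructed for illustration, and treating any assignment of WITH_OPENSSL_PORT as "set" is an assumption.

```shell
#!/bin/sh
# Added example: report how a make.conf selects OpenSSL for port builds.
# Output: "default_versions:<value>", "legacy_knob" or "base".
# Assumption: any assignment of WITH_OPENSSL_PORT counts as "set".
openssl_makeconf_mode() {
    conf=$1
    # A missing or unreadable make.conf means nothing overrides base OpenSSL.
    [ -r "$conf" ] || { echo base; return 0; }
    awk '
        # Drop comments, then leading/trailing whitespace.
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^DEFAULT_VERSIONS[ \t]*\+?=/ {
            sub(/^DEFAULT_VERSIONS[ \t]*\+?=[ \t]*/, "")
            n = split($0, v, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (v[i] ~ /^ssl=/) ssl = substr(v[i], 5)
        }
        /^WITH_OPENSSL_PORT[ \t]*[?+:!]?=/ { legacy = 1 }
        END {
            if (ssl != "") { print "default_versions:" ssl }
            else if (legacy) { print "legacy_knob" }
            else { print "base" }
        }
    ' "$conf"
}

# Constructed sample files (not taken from a real host).
sample_dir=$(mktemp -d)
printf 'WITH_OPENSSL_PORT=yes\n' > "$sample_dir/legacy.conf"
printf '# tuned\nDEFAULT_VERSIONS+= perl5=5.36 ssl=openssl  # ports\n' > "$sample_dir/current.conf"
printf '#WITH_OPENSSL_PORT=yes\nCPUTYPE?=native\n' > "$sample_dir/base.conf"

for name in legacy current base; do
    printf '%-8s %s\n' "$name" "$(openssl_makeconf_mode "$sample_dir/$name.conf")"
done
```

On a real host, call openssl_makeconf_mode /etc/make.conf; a result of "base" means port builds are still linking against the base system's OpenSSL.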


  • KeenBSDguy

    When I upgraded OpenSSL on my new server I followed these instructions:

    Added the following to /etc/make.conf:
    WITH_OPENSSL_PORT=yes

    Install OpenSSL from ports:
    /usr/ports/security/openssl
    make install clean

    Backup native binary and link new version:
    mv /usr/bin/openssl /usr/bin/openssl.0.9.8y
    ln -s /usr/local/bin/openssl /usr/bin/

    Is there any harm in doing it the way I have?

  • Pieter Scheffers

    I see this post is from 2010.

    WITH_OPENSSL_PORT=yes has been deprecated.
    https://wiki.freebsd.org/DEFAULT_VERSIONS

    Add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf
    http://unix.stackexchange.com/a/297322/147368