Update OpenSSL to 1.1.0 or 1.1.1pre

  • Has anyone tried to manually compile a newer OpenSSL than the one installed by default? Maybe it would be a good idea to create a plugin which can be installed via the plugin manager? This could be interesting/helpful for people who use the squid slicing proxy and for haproxy.

  • The "pfSense environment" (the OS, included drivers and programs, scripts) isn't meant to be a development platform.
    You'll be needing the header files, libraries and boatloads of build dependencies, and of course the make tools. Install them all and you'll break pfSense for sure.
    You'll be needing another device with a vanilla FreeBSD setup that respects as closely as possible the FreeBSD version that pfSense is using, prepare it so it has all the tools, and make your "package". When done, you will have to copy "in place" all the related files (openssl is a big one, and not a simple one either).

    If you need "the latest and greatest" (features and bugs) I would use some server on the LAN that uses 1.1.1pre and simply NAT the needed ports to this server.

  • I understand the complexity of the task, and because of that I'm asking this on the forum before destroying my pfSense ☺. Obviously using pfSense to build bins is really not a good idea. About simply using NAT: I really like how Squid (for proxy) and HAproxy (for reverse proxy) work in pfSense and how I can combine HAproxy with pfBlocker aliases and GeoIP, and it would be awesome if they supported at least the mainline OpenSSL version as an optional plugin, and the LTS line 1.0.2 that comes with FreeBSD by default. Or maybe some paranoiac guys have done this already and have a how-to in a home wiki 😃
