MacOS使用Homebrew安装的OpenSSL

前言

使用 Homebrew 安装新版的 OpenSSL,并链接脚本到环境变量中,想要替换系统自带的旧版的 OpenSSL。但是系统自带的 OpenSSL 安装在/usr/bin目录下,因为系统级的保护无法删除它,只能利用环境变量和 link 让两个 OpenSSL 共存。

旧版本

1
2
$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

安装新版本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
$ brew install openssl
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 1 tap (caskroom/cask).
No changes to formulae.
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2l.sierra.bottle.tar.gz
Already downloaded: /Users/bingo/Library/Caches/Homebrew/openssl-1.0.2l.sierra.bottle.tar.gz
==> Pouring openssl-1.0.2l.sierra.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.
If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.zshrc
For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
For pkg-config to find this software you may need to set:
PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig
==> Summary
🍺 /usr/local/Cellar/openssl/1.0.2l: 1,709 files, 12.2MB

尝试 link openssl,但似乎姿势不太正确。

1
2
3
4
5
6
$ brew link openssl
Warning: Refusing to link: openssl
Linking keg-only openssl means you may end up linking against the insecure,
deprecated system OpenSSL while using the headers from Homebrew's openssl.
Instead, pass the full include/library paths to your compiler e.g.:
-I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib

解决

在 stackoverflow 找到了解决的方案:homebrew-refusing-to-link-openssl

1
2
$ ln -s -f /usr/local/Cellar/openssl/1.0.2l/bin/openssl /usr/bin/openssl
ln: /usr/bin/openssl: Permission denied

权限不足,直接 sudo :

1
$ sudo ln -s -f /usr/local/Cellar/openssl/1.0.2l/bin/openssl /usr/bin/openssl

当前版本

1
2
$ openssl version
OpenSSL 1.0.2l 25 May 2017

后话

现在已经默认使用了新版本的 OpenSSL,但其实没有解决我的问题。

我是在 MacOS 下,编译 N2N 报错 fatal error: 'openssl/aes.h' file not found,所以怀疑是系统自带的旧版本 OpenSSL 或者环境有问题。但现在使用新版 OpenSSL 问题依然存在,可能是其它原因导致的,暂时就先放下了,Mark 一下,以后有机会再看能不能解决吧。

  • 本文作者: Bingo
  • 本文链接: https://blog.bingo.ren/53.html
  • 版权声明: 本博客所有文章除特别声明外,均采用 MIT 许可协议。转载请注明出处!