LibreSSL and OpenSSL and *SSL
Jan Stary
hans at stare.cz
Wed Feb 21 15:05:41 UTC 2018

A simple patch to allow opusfile to build against LibreSSL
https://github.com/macports/macports-ports/pull/1217
devolved into an OpenSSL/LibreSSL debate
that probably belongs here instead.

First things first: the newer releases of MacOS (10.13.2 here)
already provide various implementations of crypto/ssl/tls,
including OpenSSL, LibreSSL and (Google's) BoringSSL:

hans at fitbook:~$ ls -l /usr/lib/*ssl*
-rwxr-xr-x 1 root wheel 1236144 Jan 19 09:32 /usr/lib/libboringssl.dylib
-rwxr-xr-x 1 root wheel 392912 Dec 1 20:39 /usr/lib/libssl.0.9.7.dylib
-rwxr-xr-x 1 root wheel 630144 Dec 1 20:38 /usr/lib/libssl.0.9.8.dylib
-rw-r--r-- 1 root wheel 947104 Dec 1 20:38 /usr/lib/libssl.35.dylib
-rw-r--r-- 1 root wheel 890800 Dec 1 20:39 /usr/lib/libssl.43.dylib
lrwxr-xr-x 1 root wheel 15 Dec 10 11:39 /usr/lib/libssl.dylib -> libssl.35.dylib
hans at fitbook:~$ ls -l /usr/lib/*tls*
-rwxr-xr-x 1 root wheel 287408 Dec 1 20:39 /usr/lib/libcoretls.dylib
-rwxr-xr-x 1 root wheel 60464 Dec 1 20:39 /usr/lib/libcoretls_cfhelpers.dylib
-rw-r--r-- 1 root wheel 159264 Dec 1 20:39 /usr/lib/libtls.15.dylib
-rw-r--r-- 1 root wheel 92032 Dec 1 20:39 /usr/lib/libtls.6.dylib
lrwxr-xr-x 1 root wheel 14 Dec 10 11:39 /usr/lib/libtls.dylib -> libtls.6.dylib
hans at fitbook:~$ ls -l /usr/lib/*crypto*
-rwxr-xr-x 1 root wheel 13520 Jan 19 09:32 /usr/lib/libapple_crypto.dylib
-rwxr-xr-x 1 root wheel 2023584 Dec 1 20:39 /usr/lib/libcrypto.0.9.7.dylib
-rwxr-xr-x 1 root wheel 2599488 Dec 1 20:38 /usr/lib/libcrypto.0.9.8.dylib
-rw-r--r-- 1 root wheel 4228016 Dec 1 20:39 /usr/lib/libcrypto.35.dylib
-rw-r--r-- 1 root wheel 4274800 Dec 1 20:39 /usr/lib/libcrypto.41.dylib
lrwxr-xr-x 1 root wheel 18 Dec 10 11:39 /usr/lib/libcrypto.dylib -> libcrypto.35.dylib
lrwxr-xr-x 1 root wheel 54 Dec 10 11:39 /usr/lib/libk5crypto.dylib -> /System/Library/Frameworks/Kerberos.framework/Kerberos

The default SSL implementation is /usr/lib/libssl.dylib -> libssl.35.dylib,
the base MacOS binaries are compiled against (wait for it) LibreSSL,

hans at fitbook:~$ /usr/bin/curl --version
curl 7.54.0 (x86_64-apple-darwin17.0) libcurl/7.54.0 LibreSSL/2.0.20
zlib/1.2.11 nghttp2/1.24.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB
SSL libz HTTP2 UnixSockets HTTPS-proxy

and if you link with -lssl, you are using LibreSSL:

hans at fitbook$ cc -o prog prog.c -lssl
hans at fitbook$ otool -L ./prog
./prog:
/usr/lib/libssl.35.dylib (compatibility version 36.0.0, current version 36.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.0.0)

Let me say it again:
MacOS _has_already_moved_ to LibreSSL as the default.

(I'll reply to the comments from the original
closed thread in a followup mail.)

Jan
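
An added example, not part of the original message: a small parser for `otool -L` output that reports which TLS/crypto library a binary links against, for auditing many binaries at once. The function names are hypothetical, and the rule that a bare integer version (libssl.35) means LibreSSL while 0.9.x means OpenSSL is an assumption drawn from the /usr/lib listing above, not a general rule.

```python
import re

# Constructed sample: the `otool -L ./prog` output quoted in the message.
SAMPLE = """\
./prog:
\t/usr/lib/libssl.35.dylib (compatibility version 36.0.0, current version 36.0.0)
\t/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.0.0)
"""

# One dependency line of `otool -L`: install name plus the two version fields.
DEP = re.compile(r"^\s*(?P<path>\S+)\s+\(compatibility version (?P<compat>[\d.]+),"
                 r" current version (?P<current>[\d.]+)\)\s*$")
# Basenames that name a TLS/crypto library, with an optional version suffix.
LIB = re.compile(r"(?:^|/)lib(?P<stem>boringssl|ssl|crypto|tls)"
                 r"(?:\.(?P<ver>\d+(?:\.\d+)*))?\.dylib$")


def family(path):
    """Guess the implementation behind a dylib install name (heuristic)."""
    m = LIB.search(path)
    if m is None:
        return None                      # not a TLS/crypto library at all
    if m["stem"] == "boringssl":
        return "BoringSSL"
    ver = m["ver"]
    if ver is None:
        return "unknown"                 # unversioned name, e.g. a symlink
    if re.fullmatch(r"0\.9\.\d+", ver):
        return "OpenSSL"                 # libssl.0.9.7 / libssl.0.9.8
    if ver.isdigit():
        return "LibreSSL"                # assumption: bare major, e.g. libssl.35
    return "unknown"


def tls_deps(otool_output):
    """Return (install name, family, current version) for each TLS dependency."""
    found = []
    for line in otool_output.splitlines():
        dep = DEP.match(line)
        if dep and family(dep["path"]) is not None:
            found.append((dep["path"], family(dep["path"]), dep["current"]))
    return found


if __name__ == "__main__":
    for path, impl, current in tls_deps(SAMPLE):
        print(f"{path}\t{impl}\tcurrent version {current}")
```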