Recent OpenSSL changes and CA certs
Aaron Madlon-Kay
amake at macports.org
Wed Oct 13 04:58:32 UTC 2021
Hi all.
I know there are some important changes being made to the OpenSSL
ports. Today I updated my ports and now have the following installed:
% port installed name:openssl
The following ports are currently installed:
openssl @1.1_0 (active)
openssl10 @1.0.2u_2 (active)
openssl11 @1.1.1l_2 (active)
Apparently as a result of this, my Ruby environment (managed by rbenv
+ ruby-build, both available as ports) seems to no longer be able to
connect to HTTPS hosts.
By some trial and error, I managed to find that symlinking the certs
installed by the curl-ca-bundle port into the new "real" home of
OpenSSL solved the problem:
sudo ln -s /opt/local/share/curl/curl-ca-bundle.crt
/opt/local/libexec/openssl11/etc/openssl/cert.pem
Can anyone point me to a better solution?
I note that the Ruby OpenSSL module (built under the old OpenSSL port
regime) is linked to /opt/local/lib/{libssl,libcrypto}.1.1.dylib. If I
rebuild Ruby after updating to the new port regime, it is linked to
/opt/local/libexec/openssl11/lib/{libssl,libcrypto}.1.1.dylib. Either
way, SSL connections fail unless I symlink cert.pem as above. There
are no apparent breakages in the linking itself.
Thanks,
Aaron
More information about the macports-dev
mailing list