MacOSX安装新版openssl问题

由于Mac系统再带的openssl版本太低,目前还是0.9.8系列(OpenSSL 0.9.8zh 14 Jan 2016) 主流协议、套件都不支持。比如:tls1.2、Google CT。

以前都是通过brew install openssl 解决

可是现在不行了,发现其作用的还是旧版,就算是执行 brew link openssl –force

通过openssl versionwhereis openssl 可以看到

brew install openssl时,注意可以看到一段提示:

A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
/usr/local/etc/openssl/certs

and run
/usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local.

Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you’ll need to add to your
build variables:

LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig

苹果现在是弃用OpenSSL,使用他自己维护的TLS和加密库(OpenSSL经常爆出漏洞确实让人伤心)

上面有提到,如果需要在编译程序时使用brew 安装的openssl库也给出了引用方式。

我现在需求很简单,就是希望能使用最新的openssl命令,方便研究SSL协议、数字证书。快速解决办法:

ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/bin

注意:

  1. $PATH变量设置 /usr/local/bin 必须在最前面,起码在/usr/bin前面
  2. 这里使用的openssl 1.0.2j 请根据事件版本修改路径