Related
I'm on: OSX 10.11.6, Homebrew version 0.9.9m OpenSSL 0.9.8zg 14 July 2015
I'm trying to play with with dotnetcore and by following their instructions,
I've upgraded/installed the latest version of openssl:
> brew install openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2h_1.el_capitan.bottle.tar.gz
Already downloaded: /Users/administrator/Library/Caches/Homebrew/openssl-1.0.2h_1.el_capitan.bottle.tar.gz
==> Pouring openssl-1.0.2h_1.el_capitan.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, which means it was not symlinked into /usr/local.
Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries
Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
But when I try to link openssl I continue to run into this linking error:
> brew link --force openssl
Warning: Refusing to link: openssl
Linking keg-only OpenSSL means you may end up linking against the insecure,
deprecated system version while using the headers from the Homebrew version.
Instead, pass the full include/library paths to your compiler e.g.:
-I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib
The option to include compiler flags doesn't make sense to me, since I'm not compiling these libraries that I'm dependent on.
EDIT dotnetcore has updated their instructions:
brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
This is what worked for me:
brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/bin/openssl
Thanks to #dorlandode on this thread https://github.com/Homebrew/brew/pull/597
NB: I only used this as a temporary fix until I could spend time correctly installing Openssl again from scratch. As I remember I spent best part of a day debugging and having issues before I realised the best way was to manually install the certs I needed one by one. Please read the link in #bouke's comment before attempting this.
As the update to the other answer suggests, the workaround of installing the old openssl101 brew will no longer work. For a right-now workaround, see this comment on dotnet/cli#3964.
The most relevant part of the issue copied here:
I looked into the other option that was suggested for setting the rpath on the library. I think the following is a better solution that will only effect this specific library.
sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib
and/or if you have NETCore 1.0.1 installed perform the same command for 1.0.1 as well:
sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.dylib
In effect, rather than telling the operating system to always use the homebrew version of SSL and potentially causing something to break, we're telling dotnet how to find the correct library.
Also importantly, it looks like Microsoft are aware of the issue and and have both a) a somewhat immediate plan to mitigate as well as b) a long-term solution (probaby bundling OpenSSL with dotnet).
Another thing to note: /usr/local/opt/openssl/lib is where the brew is linked by default:
13:22 $ ls -l /usr/local/opt/openssl
lrwxr-xr-x 1 ben admin 26 May 15 14:22 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2h_1
If for whatever reason you install the brew and link it in a different location, then that path is the one you should use as an rpath.
Once you've update the rpath of the System.Security.Cryptography.Native.dylib libray, you'll need to restart your interactive session (i.e., close your console and start another one).
None of these solutions worked for me on OS X El Capitan 10.11.6. Probably because OS X has a native version of openssl that it believes is superior, and as such, does not like tampering.
So, I took the high road and started fresh...
Manually install and symlink
cd /usr/local/src
If you're getting "No such file or directory", make it:
cd /usr/local && mkdir src && cd src
Download openssl:
curl --remote-name https://www.openssl.org/source/openssl-1.0.2h.tar.gz
Extract and cd in:
tar -xzvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
Compile and install:
./configure darwin64-x86_64-cc --prefix=/usr/local/openssl-1.0.2h shared
make depend
make
make install
Now symlink OS X's openssl to your new and updated openssl:
ln -s /usr/local/openssl-1.0.2h/bin/openssl /usr/local/bin/openssl
Close terminal, open a new session, and verify OS X is using your new openssl:
openssl version -a
Just execute brew info openssland read the information where it says:
If you need to have this software first in your PATH run: echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
If migrating your mac breaks homebrew:
I migrated my mac, and it unlinked all my homebrew installs - including OpenSSL. This broke gem install, which is how I first noticed the problem and started trying to repair this.
After a million solutions (when migrating to OSX Sierra - 10.12.5), the solution ended up being comically simple:
brew reinstall ruby
brew reinstall openssl
Edit much later: as Gal Bracha noted in the comments, you ?might? need to delete /usr/local/opt/openssl before doing the reinstalls, just to be safe. I didn't need to at the time, but if you're still having trouble, give that a try.
After trying everything I could find and nothing worked, I just tried this:
touch ~/.bash_profile; open ~/.bash_profile
Inside the file added this line.
export PATH="$PATH:/usr/local/Cellar/openssl/1.0.2j/bin/openssl"
now it works :)
Jorns-iMac:~ jorn$ openssl version -a
OpenSSL 1.0.2j 26 Sep 2016
built on: reproducible build, date unspecified
//blah blah
OPENSSLDIR: "/usr/local/etc/openssl"
Jorns-iMac:~ jorn$ which openssl
/usr/local/opt/openssl/bin/openssl
The solution above from edwardthesecond worked for me too on Sierra
brew install openssl
cd /usr/local/include
ln -s ../opt/openssl/include/openssl
./configure && make
Other steps I did before were:
installing openssl via brew
brew install openssl
adding openssl to the path as suggested by homebrew
brew info openssl
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
I have a similar case. I need to install openssl via brew and then use pip to install mitmproxy. I get the same complaint from brew link --force. Following is the solution I reached: (without force link by brew)
LDFLAGS=-L/usr/local/opt/openssl/lib
CPPFLAGS=-I/usr/local/opt/openssl/include
PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig
pip install mitmproxy
This does not address the question straightforwardly. I leave the one-liner in case anyone uses pip and requires the openssl lib.
Note: the /usr/local/opt/openssl/lib paths are obtained by brew info openssl
This worked for me:
brew install openssl
cd /usr/local/include
ln -s ../opt/openssl/include/openssl .
By default, homebrew gave me OpenSSL version 1.1 and I was looking for version 1.0 instead. This worked for me.
To install version 1.0:
brew install https://github.com/tebelorg/Tump/releases/download/v1.0.0/openssl.rb
Then I tried to symlink my way through it but it gave me the following error:
ln -s /usr/local/Cellar/openssl/1.0.2t/include/openssl /usr/bin/openssl
ln: /usr/bin/openssl: Operation not permitted
Finally linked openssl to point to 1.0 version using brew switch command:
brew switch openssl 1.0.2t
Cleaning /usr/local/Cellar/openssl/1.0.2t
Opt link created for /usr/local/Cellar/openssl/1.0.2t
I had the same problem while trying to install newer version of ruby 2.6.5
https://github.com/kelaberetiv/TagUI/issues/86 helps me to solve the problem. This if for macOS catalina Version 10.15.1
Basically, I did update and upgrade homebrew and install openssl and install ruby.
brew update && brew upgrade
brew install openssl
Then create these 2 symlinks
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
then installed ruby 2.6.5
Note: this no longer works due to https://github.com/Homebrew/brew/pull/612
I had the same problem today. I uninstalled (unbrewed??) openssl 1.0.2 and installed 1.0.1 also with homebrew. Dotnet new/restore/run then worked fine.
Install openssl 101:
brew install homebrew/versions/openssl101
Linking:
brew link --force homebrew/versions/openssl101
for me this is what worked...
I edited the ./bash_profile and added below command
export PATH="/usr/local/opt/openssl/bin:$PATH"
export https_proxy=http://127.0.0.1:1087 http_proxy=http://127.0.0.1:1087 all_proxy=socks5://127.0.0.1:1080
works for me
and I think it can solve all the problems like
Failed to connect to raw.githubusercontent.com port 443: Connection refused
The solution might be updating some tools.
Here's my scenario from 2020 with Ruby and Python:
I needed to install Python 3 on Mac and things escalated. In the end, updating homebrew, node and python lead to the problem with openssl. I did not have openssl 1.0 anymore, so I couldn't "brew switch" to it.
So what was still trying to use that old 1.0 version?
It tuned out it was Ruby 2.5.5.
So I just installed Ruby 2.5.8 and removed the old one.
Other things you can try if this is not enough: Use rbenv and pyenv. Clean up gems and formulas. Update homebrew, node, yarn. Upgrade bundler. Make sure your .bash_profile (or equivalent) is set up according to each tool's instructions. Reopen the terminal.
I'm on: OSX 10.11.6, Homebrew version 0.9.9m OpenSSL 0.9.8zg 14 July 2015
I'm trying to play with with dotnetcore and by following their instructions,
I've upgraded/installed the latest version of openssl:
> brew install openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2h_1.el_capitan.bottle.tar.gz
Already downloaded: /Users/administrator/Library/Caches/Homebrew/openssl-1.0.2h_1.el_capitan.bottle.tar.gz
==> Pouring openssl-1.0.2h_1.el_capitan.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, which means it was not symlinked into /usr/local.
Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries
Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
But when I try to link openssl I continue to run into this linking error:
> brew link --force openssl
Warning: Refusing to link: openssl
Linking keg-only OpenSSL means you may end up linking against the insecure,
deprecated system version while using the headers from the Homebrew version.
Instead, pass the full include/library paths to your compiler e.g.:
-I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib
The option to include compiler flags doesn't make sense to me, since I'm not compiling these libraries that I'm dependent on.
EDIT dotnetcore has updated their instructions:
brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
This is what worked for me:
brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/bin/openssl
Thanks to #dorlandode on this thread https://github.com/Homebrew/brew/pull/597
NB: I only used this as a temporary fix until I could spend time correctly installing Openssl again from scratch. As I remember I spent best part of a day debugging and having issues before I realised the best way was to manually install the certs I needed one by one. Please read the link in #bouke's comment before attempting this.
As the update to the other answer suggests, the workaround of installing the old openssl101 brew will no longer work. For a right-now workaround, see this comment on dotnet/cli#3964.
The most relevant part of the issue copied here:
I looked into the other option that was suggested for setting the rpath on the library. I think the following is a better solution that will only effect this specific library.
sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib
and/or if you have NETCore 1.0.1 installed perform the same command for 1.0.1 as well:
sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.dylib
In effect, rather than telling the operating system to always use the homebrew version of SSL and potentially causing something to break, we're telling dotnet how to find the correct library.
Also importantly, it looks like Microsoft are aware of the issue and and have both a) a somewhat immediate plan to mitigate as well as b) a long-term solution (probaby bundling OpenSSL with dotnet).
Another thing to note: /usr/local/opt/openssl/lib is where the brew is linked by default:
13:22 $ ls -l /usr/local/opt/openssl
lrwxr-xr-x 1 ben admin 26 May 15 14:22 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2h_1
If for whatever reason you install the brew and link it in a different location, then that path is the one you should use as an rpath.
Once you've update the rpath of the System.Security.Cryptography.Native.dylib libray, you'll need to restart your interactive session (i.e., close your console and start another one).
None of these solutions worked for me on OS X El Capitan 10.11.6. Probably because OS X has a native version of openssl that it believes is superior, and as such, does not like tampering.
So, I took the high road and started fresh...
Manually install and symlink
cd /usr/local/src
If you're getting "No such file or directory", make it:
cd /usr/local && mkdir src && cd src
Download openssl:
curl --remote-name https://www.openssl.org/source/openssl-1.0.2h.tar.gz
Extract and cd in:
tar -xzvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
Compile and install:
./configure darwin64-x86_64-cc --prefix=/usr/local/openssl-1.0.2h shared
make depend
make
make install
Now symlink OS X's openssl to your new and updated openssl:
ln -s /usr/local/openssl-1.0.2h/bin/openssl /usr/local/bin/openssl
Close terminal, open a new session, and verify OS X is using your new openssl:
openssl version -a
Just execute brew info openssland read the information where it says:
If you need to have this software first in your PATH run: echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
If migrating your mac breaks homebrew:
I migrated my mac, and it unlinked all my homebrew installs - including OpenSSL. This broke gem install, which is how I first noticed the problem and started trying to repair this.
After a million solutions (when migrating to OSX Sierra - 10.12.5), the solution ended up being comically simple:
brew reinstall ruby
brew reinstall openssl
Edit much later: as Gal Bracha noted in the comments, you ?might? need to delete /usr/local/opt/openssl before doing the reinstalls, just to be safe. I didn't need to at the time, but if you're still having trouble, give that a try.
After trying everything I could find and nothing worked, I just tried this:
touch ~/.bash_profile; open ~/.bash_profile
Inside the file added this line.
export PATH="$PATH:/usr/local/Cellar/openssl/1.0.2j/bin/openssl"
now it works :)
Jorns-iMac:~ jorn$ openssl version -a
OpenSSL 1.0.2j 26 Sep 2016
built on: reproducible build, date unspecified
//blah blah
OPENSSLDIR: "/usr/local/etc/openssl"
Jorns-iMac:~ jorn$ which openssl
/usr/local/opt/openssl/bin/openssl
The solution above from edwardthesecond worked for me too on Sierra
brew install openssl
cd /usr/local/include
ln -s ../opt/openssl/include/openssl
./configure && make
Other steps I did before were:
installing openssl via brew
brew install openssl
adding openssl to the path as suggested by homebrew
brew info openssl
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
I have a similar case. I need to install openssl via brew and then use pip to install mitmproxy. I get the same complaint from brew link --force. Following is the solution I reached: (without force link by brew)
LDFLAGS=-L/usr/local/opt/openssl/lib
CPPFLAGS=-I/usr/local/opt/openssl/include
PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig
pip install mitmproxy
This does not address the question straightforwardly. I leave the one-liner in case anyone uses pip and requires the openssl lib.
Note: the /usr/local/opt/openssl/lib paths are obtained by brew info openssl
This worked for me:
brew install openssl
cd /usr/local/include
ln -s ../opt/openssl/include/openssl .
By default, homebrew gave me OpenSSL version 1.1 and I was looking for version 1.0 instead. This worked for me.
To install version 1.0:
brew install https://github.com/tebelorg/Tump/releases/download/v1.0.0/openssl.rb
Then I tried to symlink my way through it but it gave me the following error:
ln -s /usr/local/Cellar/openssl/1.0.2t/include/openssl /usr/bin/openssl
ln: /usr/bin/openssl: Operation not permitted
Finally linked openssl to point to 1.0 version using brew switch command:
brew switch openssl 1.0.2t
Cleaning /usr/local/Cellar/openssl/1.0.2t
Opt link created for /usr/local/Cellar/openssl/1.0.2t
I had the same problem while trying to install newer version of ruby 2.6.5
https://github.com/kelaberetiv/TagUI/issues/86 helps me to solve the problem. This if for macOS catalina Version 10.15.1
Basically, I did update and upgrade homebrew and install openssl and install ruby.
brew update && brew upgrade
brew install openssl
Then create these 2 symlinks
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
then installed ruby 2.6.5
Note: this no longer works due to https://github.com/Homebrew/brew/pull/612
I had the same problem today. I uninstalled (unbrewed??) openssl 1.0.2 and installed 1.0.1 also with homebrew. Dotnet new/restore/run then worked fine.
Install openssl 101:
brew install homebrew/versions/openssl101
Linking:
brew link --force homebrew/versions/openssl101
for me this is what worked...
I edited the ./bash_profile and added below command
export PATH="/usr/local/opt/openssl/bin:$PATH"
export https_proxy=http://127.0.0.1:1087 http_proxy=http://127.0.0.1:1087 all_proxy=socks5://127.0.0.1:1080
works for me
and I think it can solve all the problems like
Failed to connect to raw.githubusercontent.com port 443: Connection refused
The solution might be updating some tools.
Here's my scenario from 2020 with Ruby and Python:
I needed to install Python 3 on Mac and things escalated. In the end, updating homebrew, node and python lead to the problem with openssl. I did not have openssl 1.0 anymore, so I couldn't "brew switch" to it.
So what was still trying to use that old 1.0 version?
It tuned out it was Ruby 2.5.5.
So I just installed Ruby 2.5.8 and removed the old one.
Other things you can try if this is not enough: Use rbenv and pyenv. Clean up gems and formulas. Update homebrew, node, yarn. Upgrade bundler. Make sure your .bash_profile (or equivalent) is set up according to each tool's instructions. Reopen the terminal.
I need your help :)
I have mac os x 10.11.2,
And I have updated openssl library:
brew update
brew install openssl
brew link --force openssl.
After command "openssl version" I saw: OpenSSL 1.0.2h 3 May 2016
But after command "php -i | grep -i ssl" I saw:
OpenSSL Library Version => OpenSSL 0.9.8zg 14 July 2015
OpenSSL Header Version => OpenSSL 0.9.8zc 19 Mar 2015
And I can't install composer, get error: The OpenSSL library (0.9.8zc) used by PHP does not support TLSv1.2 or TLSv1.1.
How can I resolve it? It really strange...
PHP and OpenSSL are also present in the Mac OS X system.
The fact that you have installed a second version via Homebrew does not mean it will automaically be used. you will need to make sure that composer finds the version provided by Homebrew (installed in /usr/local/).
I just typed openssl version in terminal and I got following result:
OpenSSL 0.9.8y 5 Feb 2013
So I ran brew update and brew upgrade openssl.
Which the first one returned Updated Homebrew from 7afeb3af to 8cabfe85., And second one returned openssl-1.0.1g already installed.
So typed brew link --force openssl.
After above procedure I typed openssl version And I got the same result
OpenSSL 0.9.8y 5 Feb 2013.
How can I update openssl on mac osx 10.9.3?
Run brew info openssl and follow the instructions there. Do not try to --force link the latest openssl with the one that comes installed with OSX by default. (0.9.8)
Specifically it'll ask you to add the Homebrew version of openssl (should be 1.0.2 as of this date) into your $PATH.
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
Note: Make sure to remove any export PATH lines from the bash_profile, since this line above exports it for you appending the rest of the $PATH variable to the end. To view the bash profile use vi ~/.bash_profile
Doing this should fix any problems with installing packages (especially Ruby Gems that need compiling).
So here's what is going on. You have two copies of OpenSSL.
Version 0.9.8 - located at /usr/bin/openssl, pre-installed on OS X
Version 1.0.1g - located at /usr/local/Cellar/openssl/1.0.1h/bin/openssl, installed by brew.
When you ran brew upgrade openssl, you actually ran brew install openssl since brew had not yet install openssl on your system. (Remember, brew doesn't control all the software on your computer - only what it installed).
Turns out that the message of brew install openssl:
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, so it was not symlinked into /usr/local.
Mac OS X already provides this software and installing another version in
parallel can cause all kinds of trouble.
The OpenSSL provided by OS X is too old for some software.
Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
This actually explains that OS X comes preinstalled. Using a different non-system openssl may cause issues if you change from the default openssl. Hence, brew kindly did not link it into your /usr/local which is probably part of your path.
I presume you wanted to upgrade the openssl on you box because some package you were trying to install required a newer version. Ahoy - the message tells you that you should install that software package and point it at your new shiny brew openssl.
I've tried to install a new version of OpenSSL via Homebrew but it doesn't work. My actual OpenSSL version is 0.9.8 and I don't know what to do.
When I type on MacOS 10.8.4 brew install openssl the system brings to me the following error:
Error: openssl-1.0.1e already installed
So when I type openssl version I see this:
OpenSSL 0.9.8x 10 May 2012
How can I turn the actual version to the new version installed via Homebrew? Any tips?
My guess is that OS X has an older version of openssl in /usr/bin, and Homebrew places it's version in /usr/local/bin
Try
/usr/local/bin/openssl version
Edit: Before you try the above command, run:
brew link --force openssl