hourly cron messages re openssl cert usage error - ruby

A few days ago I was building a ruby app that had to use OpenSSL to access a web page. It kept failing to connect to the web site https://regex.alf.nu, so I went to stackoverflow and after much research I concluded that my OpenSSL was out of date at version 0.9.8zc. I made the recommended changes (the details of which are provided below) and after that my app was able to read the text of the web site mentioned above.
Today I discovered that my system has been generating an error mail message almost every hour since I made these changes (beginning Sun Apr 12 08:00:01). This is the text of the latest mail:
From SamShiffman@Samuels-MBP.PK5001Z Thu Apr 16 12:00:01 2015
X-Original-To: SamShiffman
Delivered-To: SamShiffman@Samuels-MBP.PK5001Z
From: SamShiffman@Samuels-MBP.PK5001Z (Cron Daemon)
To: SamShiffman@Samuels-MBP.PK5001Z
Subject: Cron <SamShiffman@Samuels-MBP> /usr/local/Cellar/openssl-osx-ca/1.0.4/bin/openssl-osx-ca /usr/local/bin/brew
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=SamShiffman>
X-Cron-Env: <USER=SamShiffman>
X-Cron-Env: <HOME=/Users/SamShiffman>
Date: Thu, 16 Apr 2015 12:00:01 -0700 (PDT)
Usage error; try -help.
rehash failed to verify, something is wrong
check /tmp/openssl-osx-ca.f9SEDVyI/cert.pem for problems
I haven't noticed any negative effects to my MBP, but I'm a little concerned that I may still have "broken" something the other day when I made those OpenSSL updates. As far as I can tell, the cron daemon error mails started after I ran these commands:
$ rvm osx-ssl-certs status all
>Certificates for /etc/openssl/cert.pem: Old.
>Certificates for /usr/local/etc/openssl/cert.pem: Up to date.
$ rvm osx-ssl-certs update all
> Updating certificates for /etc/openssl/cert.pem: Updating certificates in '/etc/openssl/cert.pem'.
> Updated.
> Updating certificates for /usr/local/etc/openssl/cert.pem: Already up to date.
After this I still couldn't connect to the aforementioned web site. After more research I found a post in stackoverflow that referred to a tool as a possible fix. I ran:
$ brew tap raggi/ale
$ brew install openssl-osx-ca
>==> Installing openssl-osx-ca from raggi/homebrew-ale
>==> Downloading https://github.com/raggi/openssl-osx-ca/archive/1.0.4.tar.gz
>######################################################################## 100.0%
>==> make install PREFIX='/usr/local/Cellar/openssl-osx-ca/1.0.4' BREW='/usr/loca
==> Caveats
>To uninstall remove the openssl-osx-ca line from your crontab. e.g.
> (crontab -l | grep -v openssl-osx-ca) | crontab -
>==> Summary
>🍺 /usr/local/Cellar/openssl-osx-ca/1.0.4: 4 files, 16K, built in 2 seconds
$ git clone https://github.com/mislav/ssl-tools.git
$ brew link openssl --force
Linking /usr/local/Cellar/openssl/1.0.2a-1... 1543 symlinks created
$ brew install curl-ca-bundle
Error: No available formula for curl-ca-bundle
Searching formulae...
Searching taps...
$ ruby ssl-tools/doctor.rb
/Users/SamShiffman/.rvm/rubies/ruby-2.0.0-p598/bin/ruby (2.0.0-p598)
OpenSSL 1.0.2a 19 Mar 2015: /usr/local/etc/openssl
SSL_CERT_DIR=""
SSL_CERT_FILE=""
HEAD https://status.github.com:443
/Users/SamShiffman/.rvm/rubies/ruby-2.0.0-p598/lib/ruby/2.0.0/openssl/buffering.rb:175:in `sysread_nonblock': end of file reached (EOFError)
$ ruby ssl-tools/doctor.rb 'regex.alf.nu'
/Users/SamShiffman/.rvm/rubies/ruby-2.0.0-p598/bin/ruby (2.0.0-p598)
OpenSSL 1.0.2a 19 Mar 2015: /usr/local/etc/openssl
SSL_CERT_DIR=""
SSL_CERT_FILE=""
HEAD https://regex.alf.nu:443
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The server presented a certificate that could not be verified:
subject: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.alf.nu
issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
error code 20: unable to get local issuer certificate
Possible causes:
`/usr/local/etc/openssl/certs/' is empty
$ rvm osx-ssl-certs status all
Warning! PATH is not properly set up, '/Users/SamShiffman/.rvm/gems/ruby-2.0.0-p598/bin' is not at first place,
usually this is caused by shell initialization files - check them for 'PATH=...' entries,
it might also help to re-add RVM to your dotfiles: 'rvm get stable --auto-dotfiles',
to fix temporarily in this shell session run: 'rvm use ruby-2.0.0-p598'.
Certificates for /etc/openssl/cert.pem: Up to date.
Certificates for /usr/local/etc/openssl/cert.pem: Up to date.
After all this I still couldn't get the app to connect to the web site. I finally added this to my code (from a stackoverflow post) and it worked:
require 'net/http'
require 'openssl'
require 'uri'

def get_html_string(url = @url)
  # URI.encode was removed in Ruby 3.0; this targets the Ruby 2.0 used here
  uri = URI.parse(URI.encode(url.strip))
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  # http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  request = Net::HTTP::Get.new(uri.request_uri)
  response = http.request(request)
  response.body
end
Now it seems all the other steps I took leading up to this were unnecessary, but I don't know. At this point in the absence of any advice I would remove the openssl-osx-ca line from my crontab using:
(crontab -l | grep -v openssl-osx-ca) | crontab -
...but I'd like some confirmation from some code veterans who know more about this than I do.
Thank you
UPDATE 17Apr 11:00PDT
I upgraded brew, reinstalled openssl and recreated symlinks:
$ brew update
$ brew doctor
Binaries provided by keg-only formulae may override system binaries
with other strange results.
You may wish to `brew unlink` these brews:
openssl
$ brew reinstall openssl
$ brew link openssl --force
Linking /usr/local/Cellar/openssl/1.0.2a-1... 1543 symlinks created
$ brew upgrade
and the cron daemon mails stopped! Been rockin' 'n rollin' ever since.
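
Added example, not part of the original post: the doctor.rb output above reports "error code 20: unable to get local issuer certificate" next to an empty certs directory, so this sketch reproduces that error offline against a constructed CA and leaf certificate, reports which CA file and directory Ruby's OpenSSL would consult, and builds a Net::HTTP client that keeps verification on with an explicit CA bundle. The function names, the host leaf.example.test and both certificates are hypothetical and constructed for the demonstration.

```ruby
require 'net/http'
require 'openssl'
require 'tmpdir'

# Report where this Ruby's OpenSSL looks for CA certificates; the same facts
# doctor.rb prints as SSL_CERT_FILE / SSL_CERT_DIR in the transcript above.
def trust_store_report(env = ENV)
  pick = ->(name, default) { env[name].to_s.empty? ? default : env[name] }
  file = pick.call('SSL_CERT_FILE', OpenSSL::X509::DEFAULT_CERT_FILE)
  dir  = pick.call('SSL_CERT_DIR', OpenSSL::X509::DEFAULT_CERT_DIR)
  pem  = File.file?(file) ? File.read(file) : ''
  { file: file, certs_in_file: pem.scan('-----BEGIN CERTIFICATE-----').size,
    dir: dir, dir_empty: !Dir.exist?(dir) || Dir.children(dir).empty? }
end

# Verify cert against only the given CAs; returns [ok, error_code, message].
def verify_against(cert, ca_certs)
  store = OpenSSL::X509::Store.new
  ca_certs.each { |ca| store.add_cert(ca) }
  ok = store.verify(cert)
  [ok, store.error, store.error_string]
end

# Net::HTTP client that keeps peer verification on and trusts an explicit
# CA bundle, rather than switching to OpenSSL::SSL::VERIFY_NONE.
def verified_client(host, ca_file, port = 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ca_file = ca_file
  http
end

# Constructed test certificate (hypothetical names, valid for one hour).
def constructed_cert(cn, key, serial, issuer = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ca_flag = issuer ? 'CA:FALSE' : 'CA:TRUE'
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', ca_flag, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = constructed_cert('Constructed Test CA', ca_key, 1)
  leaf = constructed_cert('leaf.example.test', OpenSSL::PKey::RSA.new(2048), 2, ca, ca_key)
  Dir.mktmpdir do |tmp|
    bundle = File.join(tmp, 'cert.pem')
    File.write(bundle, ca.to_pem)
    certs_dir = File.join(tmp, 'certs')
    Dir.mkdir(certs_dir) # left empty, like /usr/local/etc/openssl/certs above
    env = { 'SSL_CERT_FILE' => bundle, 'SSL_CERT_DIR' => certs_dir }
    { report: trust_store_report(env),
      empty_store: verify_against(leaf, []),
      with_ca: verify_against(leaf, [ca]),
      client: verified_client('leaf.example.test', bundle) }
  end
end

p demo.reject { |k, _| k == :client } if $PROGRAM_NAME == __FILE__
```

Calling trust_store_report with no argument inspects the live environment, which is the quickest way to see whether the Ruby in use points at a populated bundle.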


Related

Problem with OpenSSL when starting rail server after upgrade Homebrew

I have an old Ruby React project that works fine. When I revisit again after months and start the rail server, I got the error as below.
I am trying a bunch of different solutions, but nothing works so I am totally lost.
I suspected this happened because I might have upgraded my homebrew and it does not support SSL 1.0.0 anymore and the SSL old version (1.1.0) might be deleted as well.
MY SSL INFO:
ls -al /usr/local/Cellar/openssl*
total 0
drwxr-xr-x 3 resant staff 96 Oct 5 20:32 .
drwxrwxr-x 11 resant admin 352 Oct 5 20:29 ..
drwxr-xr-x 14 resant staff 448 Oct 5 20:32 1.1.1g
ERROR:
1: from /Users/resant/.rbenv/versions/2.5.1/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
/Users/resant/.rbenv/versions/2.5.1/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require':
dlopen(/Users/resant/.rbenv/versions/2.5.1/lib/ruby/2.5.0/x86_64-darwin17/digest/md5.bundle,9): Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib (LoadError)
Referenced from:
Users/resant/.rbenv/versions/2.5.1/lib/ruby/2.5.0/x86_64-darwin17/digest/md5.bundle
Reason: image not found -
Users/resant/.rbenv/versions/2.5.1/lib/ruby/2.5.0/x86_64-darwin17/digest/md5.bundle
I tried this solution:
brew update && brew upgrade
brew uninstall openssl
brew install https://github.com/tebelorg/Tump/releases/download/v1.0.0/openssl.rb
but when I run that brew install, I got the following error:
fatal: 'origin' does not appear to be a git repository fatal: Could
not read from remote repository.
Please make sure you have the correct access rights and the repository
exists. fatal: Needed a single revision invalid upstream
'origin/master' Error: Calling Non-checksummed download of openssl
formula file from an arbitrary URL is disabled! Use 'brew extract' or
'brew create' and 'brew tap-new' to create a formula file in a tap on
GitHub instead. If reporting this issue please do so at (not
Homebrew/brew or Homebrew/core):
https://github.com/tebelorg/Tump/issues/new
I don't understand this at all so I might be screwing things up even more. Please help, how should I fix this?

OpenSSL 1.0.2m on macOS

For building one particular library I need openssl library version 1.0.2m with devel package. I am working on macOS. Using brew install openssl installs latest version 1.1.1d.
Since OpenSSL 1.0.2 is end of lifed by the end of 2019, it is no longer available via Homebrew. This is mentioned in the Homebrew 2.2.0 announcement.
It is fairly straightforward to build and install OpenSSL 1.0.2 yourself from source. You can download your required version from the Old 1.0.2 Releases page and follow the instructions found in INSTALL.
It may be possible as well to recover an older formula and install from that, but I can not guarantee how well that works. The following steps did complete the installation process:
$ git clone https://github.com/Homebrew/homebrew-core.git
$ cd homebrew-core
$ git checkout 75b57384 Formula/openssl.rb
$ brew install Formula/openssl.rb
For me, this showed:
Warning: openssl 1.1.1d is available and more recent than version 1.0.2m.
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2m.high_sierra.bottle.tar.gz
and went on happily after that. A quick try at the end gives some confidence that it worked out well:
$ /usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2m 2 Nov 2017
If you prefer not to use git directly, you can also try downloading that version of openssl.rb from GitHub.com and run brew install on it.
If you wonder where that commit hash came from, I happened to know that the formula used to be called -- surprise -- openssl.rb (but using git to query for removed files would have worked as well). Therefore, I inspected the history for Formula/openssl.rb and found:
$ git log -- Formula/openssl.rb
...
commit 75b573845a17aaf3f7c84dc58e97cf5fe39a502b
Author: BrewTestBot <brew-test-bot@googlegroups.com>
Date: Thu Nov 2 17:20:33 2017 +0000
openssl: update 1.0.2m bottle.
Recently I was struggling due to the recent update in openssl version from 1.0 to 1.1 and wanted to revert it back to older version. No other solution except the one given below worked for me:
brew install rbenv/tap/openssl@1.0
rvm reinstall 1.9.3-p551 --with-openssl-dir='/usr/local/opt/openssl@1.0'
gem update --system
Instead of downloading the specific version of Formula/openssl.rb you can just use the raw reference to the file with the specific commit SHA as mentioned here.
So for the last update to version 1.0.2t the SHA is 8b9d6d688f483a0f33fcfc93d433de501b9c3513
commit 8b9d6d688f483a0f33fcfc93d433de501b9c3513
Author: BrewTestBot <homebrew-test-bot@lists.sfconservancy.org>
Date: Sat Sep 28 19:38:49 2019 +0000
openssl: update 1.0.2t bottle.
So I would execute the following command to install 1.0.2t.
brew install https://raw.githubusercontent.com/Homebrew/homebrew-core/8b9d6d688f483a0f33fcfc93d433de501b9c3513/Formula/openssl.rb
1- Download the file:
wget https://github.com/tebelorg/Tump/releases/download/v1.0.0/openssl.rb
2 - Run brew with the file downloaded:
brew install openssl.rb
Other solutions won't work because you will get this error "Calling Installation of openssl from a GitHub commit URL is disabled! Use 'brew extract openssl' to stable tap on GitHub instead." the following steps will fix it:
First go to the local installation of homebrew
cd /usr/local/Homebrew/
Homebrew 2.5 removed the option to install formulas directly from git repos so we need to checkout an older version
git checkout 2.3.0
Install openssl latest 1.0.x version
HOMEBREW_NO_AUTO_UPDATE=1 brew install https://github.com/tebelorg/Tump/releases/download/v1.0.0/openssl.rb
Go back to current version of homebrew
git co -
Tell brew to use the old version of openssl; this way you can choose which version to use if you have both installed
brew switch openssl 1.0.2t
Update - I think I've been getting downvotes because I've simply posted a link without the solution. So here's the solution:
Download this formula for OpenSSL V1.0 (It is patched to work with the arm64 processor)
Install it: brew install openssl@1.0.rb
Add this version to the beginning of your PATH.
Note: Make sure that RVM is the last PATH variable change in your shell config file (.zshrc / .bashrc)
echo 'export PATH="/opt/homebrew/opt/openssl@1.0/bin:$PATH"' >> ~/.zshrc
Export some required environment variables
export LDFLAGS="-L/opt/homebrew/opt/openssl@1.0/lib"
export CPPFLAGS="-I/opt/homebrew/opt/openssl@1.0/include"
export PKG_CONFIG_PATH="/opt/homebrew/opt/openssl@1.0/lib/pkgconfig"
Reload your shell config: source ~/.zshrc
Verify your openssl version
> openssl version
OpenSSL 1.0.2u 20 Dec 2019
Disable RVM autolibs: rvm autolibs disable
Export some env variables to avoid compilation errors
export RUBY_CFLAGS=-DUSE_FFI_CLOSURE_ALLOC
export optflags="-Wno-error=implicit-function-declaration"
Install Ruby
rvm install 2.3.0 --with-openssl-dir=/opt/homebrew/opt/openssl@1.0
Ref
Maybe it's not a perfect idea, but it solved my problem (libssl.1.0.0.dylib image not found):
sudo ln -s /usr/lib/libssl.dylib /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
sudo ln -s /usr/lib/libcrypto.dylib /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib
Hope it works for you!
See this reply
Here is the linux-brew formula for openssl@1.0.2
brew install https://raw.githubusercontent.com/Homebrew/linuxbrew-core/20ab55b304597c6c47149dc0e50bd5f7ea45b678/Formula/openssl.rb

Fixing homebrew on Mac OSX 10.13.2

Just wondering if anyone can help fix homebrew for me. It was working a minute ago...
I am trying to install new packages using Homebrew on my 2 Macbooks. Both are running High Sierra, which I suspect might be the problem due to Apple borking root permissions...
Anyway, my issue goes a little something like this:
❯❯❯ brew install git
Error: git 2.14.2 is already installed
To upgrade to 2.15.1, run `brew upgrade git`
Okay. Let's upgrade Git.
❯❯❯ brew upgrade git
==> Upgrading 1 outdated package, with result:
git 2.15.1
==> Upgrading git
==> Downloading https://homebrew.bintray.com/bottles/git-2.15.1.high_sierra.bottle.tar.gz
Error: curl is not executable
Warning: Bottle installation failed: building from source.
==> Downloading https://www.kernel.org/pub/software/scm/git/git-2.15.1.tar.xz
Error: curl is not executable
Strange. I use curl daily...
❯❯❯ curl
curl: try 'curl --help' or 'curl --manual' for more information
❯❯❯ which curl
/usr/bin/curl
❯❯❯ ls -al /usr/bin/curl
-rwxr-xr-x 1 root wheel 185104 Dec 1 15:45 /usr/bin/curl
So it exists and looks executable. Maybe the homebrew links got messed up? I will re-install curl using brew
❯❯❯ brew install curl
==> Downloading https://homebrew.bintray.com/bottles/curl-7.57.0.high_sierra.bottle.tar.gz
Error: curl is not executable
Warning: Bottle installation failed: building from source.
==> Downloading https://curl.haxx.se/download/curl-7.57.0.tar.bz2
Error: curl is not executable
So basically homebrew is not working for me. On TWO different machines running the same Mac OS version 10.13.2
NOTE: This is not limited in any way to installing git. The problem started trying to install minikube.
UPDATE
I checked my setup via brew config and noticed that although I DO have curl installed, homebrew does not see it: Curl: N/A
HOMEBREW_VERSION: 1.4.1
ORIGIN: https://github.com/Homebrew/brew
HEAD: b4d43e950fd45c24e48d6ebfd3013357abcd21a9
Last commit: 10 days ago
Core tap ORIGIN: https://github.com/Homebrew/homebrew-core
Core tap HEAD: 809322678d0fb7ab034348f86f0e452eff203b49
Core tap last commit: 73 minutes ago
HOMEBREW_PREFIX: /usr/local
HOMEBREW_VISUAL: nano
CPU: octa-core 64-bit haswell
Homebrew Ruby: 2.3.3 => /usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.3/bin/ruby
Clang: 9.0 build 900
Git: 2.14.3 => /Applications/Xcode.app/Contents/Developer/usr/bin/git
Curl: N/A
Perl: /usr/bin/perl
Python: /usr/local/opt/python/libexec/bin/python => /usr/local/Cellar/python/2.7.14/Frameworks/Python.framework/Versions/2.7/bin/python2.7
Ruby: /usr/bin/ruby => /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/bin/ruby
Java: 1.8.0_31
macOS: 10.13.2-x86_64
Xcode: 9.2
CLT: 9.2.0.0.1.1510905681
X11: 2.7.9 => /opt/X11
The OS already has curl installed, but homebrew does not see it.
I cannot install curl using homebrew (see above).
So now the problem becomes "How do I fix homebrew so it sees curl"?
I was running into the same issue yesterday. For me it was caused by a file called curl left over from a botched command in the same directory where I was running brew. Deleting that file resolved the issue.
I had the same problem and I have no idea how but I fixed it. First I uninstalled any brew-version of curl that was installed. Then, when that didn't work, I navigated to \bin\usr\curl to make sure it was still there. I then ran curl in terminal (just literally `curl` and then which curl to make sure it was using the right one), and then reran brew and it seemed to work. I think what happens is that for some reason on a new Mac, files sometimes don't appear locally until you open them for the first time when using iCloud. It's happened before with other dependencies, where I had to navigate to the file and physically open it before it would be locally downloaded and be recognized as a dependency. Not sure if Mac does the same thing with curl. If so, quite dumb.
I had this same issue, also on Mac OS High Sierra. I ended up running brew uninstall curl. This gave me an error, but then when I installed Homebrew curl again, it worked and I could install git and others.
If you have tried everything and nothing helps, if you're facing permissions issues - try to re-install Homebrew:
uninstall:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/uninstall)"
and then install it again:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
helped in my case

Use Homebrew OpenSSL instead of MAMP one

I'm trying to use composer to install packages but I get this message :
The "https://packages.drupal.org/8/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Failed to enable crypto
failed to open stream: operation failed
I upgraded my homebrew openssl to the last version but composer seems to use an old installation in MAMP library:
$ which openssl
/Applications/MAMP/Library/bin/openssl
$ openssl version -d
OPENSSLDIR: "/Applications/MAMP/Library/OpenSSL"
$ whereis openssl
/usr/bin/openssl
$ openssl version
OpenSSL 1.0.2j 26 Sep 2016
anyway I get this when I try to reinstall composer:
$ curl -sS https://getcomposer.org/installer | php
Downloading...
Composer (version 1.5.2) successfully installed to: /Volumes/YOM_2/htdocs/composer.phar
Use it: php composer.phar
Some settings on your machine may cause stability issues with Composer.
If you encounter issues, try to change the following:
The OpenSSL library (0.9.8y) used by PHP does not support TLSv1.2 or TLSv1.1.
If possible you should upgrade OpenSSL to version 1.0.1 or above.
How can I make it use the last version? I'm lost...
Thank you.

Warning: openssl-1.0.2g already installed when using HomeBrew

I'm working on OS X 10.11.4. I'm trying to get started with Zend Framework2 and am using the official manual so have installed composer. When installing composer I got this warning:
The OpenSSL library (0.9.8zc) used by PHP does not support TLSv1.2 or
TLSv1.1. If possible you should upgrade OpenSSL to version 1.0.1 or
above.
So I opened Terminal and used the following to check my openssl version:
$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016
So I looked into updating and came across How to upgrade OpenSSL in OS X on the Apple Stack Exchange. I then used the following to update HomeBrew and install the latest version of OpenSSL
$ brew update
$ brew install openssl
But got this warning:
Warning: openssl-1.0.2g already installed
So then I followed this advice (Update OpenSSL on OS X with Homebrew - top answer)
$ brew unlink openssl && brew link openssl --force
Unlinking /usr/local/Cellar/openssl/1.0.2g... 1591 symlinks removed
Linking /usr/local/Cellar/openssl/1.0.2g... 1588 symlinks created
$ which openssl
/usr/local/bin/openssl
$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016
So it seems I have the updated version on my machine but it isn't being used by default?
Sorry for my naivety but I'm a complete beginner.
Can anyone tell me what I'm doing wrong?
Thanks in advance
