Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save gbeine/51e5d57af9902657c9af9fe185c320a4 to your computer and use it in GitHub Desktop.
Save gbeine/51e5d57af9902657c9af9fe185c320a4 to your computer and use it in GitHub Desktop.
Installing Net::SSLeay with openssl from homebrew (OS X)

Installing Net::SSLeay with openssl from homebrew (macOS)

You don't need to do anything fancy other than running cpanm - with the most recent Net::SSLeay things should Just Work.

Updated 2020-Mar-10

I realized that since Net::SSLeay is looking in known places (including homebrew's install locations) for openssl, it means that my instructions that set up environment variables are no longer necessary! The following will install the module:

# openssl 1.0.2d
cpanm --interactive --verbose Net::SSLeay

# openssl 1.1.1d - but tests fail; --force is needed
OPENSSL_PREFIX=/usr/local/opt/openssl@1.1 cpanm --interactive --verbose Net::SSLeay

Updated 2020-Mar-09

The original work I did in this gist was in 2015 - a different time! I was using Mac OS X 10.11, perl 5.22, and Net::SSLeay 1.72. I can't recall what OpenSSL version though. See below for the original writeup.

Now I'll update the instructions, using:

  • macOS 10.15
  • Net::SSLeay 1.88
  • perl 5.30.1
  • openssl 1.0.2d

I've noticed that this version of Net::SSLeay is now looking in some known places for OpenSSL, including where brew install openssl installs it. After running through the steps I did before (i.e., run perl Makefile.PL, and inspect the generated Makefile for the relevant options), here's the new cpanm command I generated. I didn't need to add any /usr/local/opt/openssl dirs to -I/-L options by hand - thank you to the Net::SSLeay devs! These are the commands I ran to install Net::SSLeay:

CONFIG_ARGS=$( tr '\n' ' ' <<EOF
LDDLFLAGS="-mmacosx-version-min=10.15 -bundle -undefined dynamic_lookup -L/usr/local/opt/openssl -L/usr/local/opt/openssl/lib -L/usr/local/lib -fstack-protector-strong"
LDFLAGS="-mmacosx-version-min=10.15 -fstack-protector-strong -L/usr/local/opt/openssl -L/usr/local/opt/openssl/lib -L/usr/local/lib"
cpanm Net::SSLeay --configure-args "$CONFIG_ARGS" --interactive --verbose

If you get a build error like 'openssl/err.h' file not found you should check that you've installed openssl with brew install openssl first. brew list openssl should list all of the files of that formula if it is installed.

openssl 1.1

I also noticed that I had both openssl and openssl@1.1 brew formulas installed. Why not try the newer openssl? Repeating the steps to pull out the Makefile options after generating the file with OPENSSL_PREFIX=/usr/local/opt/openssl@1.1 perl Makefile.PL, I got:

CONFIG_ARGS=$( tr '\n' ' ' <<EOF
LDDLFLAGS="-mmacosx-version-min=10.15 -bundle -undefined dynamic_lookup -L/usr/local/opt/openssl@1.1 -L/usr/local/opt/openssl@1.1/lib -L/usr/local/lib -fstack-protector-strong"
LDFLAGS="-mmacosx-version-min=10.15 -fstack-protector-strong -L/usr/local/opt/openssl@1.1"
cpanm Net::SSLeay --configure-args "$CONFIG_ARGS" --interactive --verbose

My installed openssl@1.1 version was 1.1.1d. Running the above mostly worked - some compiler warnings, plus one failed test t/external/15_altnames.t. Building against openssl 1.0.2d did not have these issues. Investigating the 15_altnames.t failure more closely showed that would fail the test for getting subject alternate names, but not or So the test failure is probably not a big issue - add the --force option to cpanm to make it install with openssl@1.1 if that issue doesn't bother you.

Original writeup from Nov. 2015

Start with openssl from homebrew:

brew install openssl

And you get the message after installation:

This formula is keg-only, which means it was not symlinked into /usr/local.

Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:

    LDFLAGS:  -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include

There isn't much to do about the Apple deprecation of OpenSSL, I think we're stuck building Net::SSLeay against OpenSSL.

Most of the options and flags are from the generated Makefile, but passing extra options seems to clobber what perl Makefile.PL wants to put into the Makefile, so these are copied, and the extra -L/-I options pointing to the homebrew openssl are added.

Added --interactive so you can enable the on-line testing of the built Net::SSLeay.

Added --verbose because verbosity.

CONFIG_ARGS=$( cat <<_EOF_ | tr '\n' ' '
LDDLFLAGS="-bundle -undefined dynamic_lookup -fstack-protector-strong -L/usr/local/opt/openssl/lib"
LDFLAGS="-fstack-protector-strong -L/usr/local/opt/openssl/lib"
cpanm Net::SSLeay --configure-args "$CONFIG_ARGS" --interactive --verbose
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment