Created
April 27, 2024 01:55
-
-
Save hellysmile/f58a6e32656ac1101cf6a64d0674f2c8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class OpensslAT10 < Formula | |
desc "SSL/TLS cryptography library" | |
homepage "https://openssl.org/" | |
url "https://ftp.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz" | |
mirror "https://www.mirrorservice.org/sites/ftp.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz" | |
sha256 "ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16" | |
revision 1 | |
version_scheme 1 | |
keg_only :provided_by_macos, | |
"openssl/libressl is provided by macOS so don't link an incompatible version" | |
patch do | |
url "https://raw.githubusercontent.com/lavabit/magma/682101e08114be9b006aadb228943c487dfb1abf/lib/patches/openssl/1.0.2_update_expiring_certificates.patch" | |
end | |
# SSLv2 died with 1.1.0, so no-ssl2 no longer required. | |
# SSLv3 & zlib are off by default with 1.1.0 but this may not | |
# be obvious to everyone, so explicitly state it for now to | |
# help debug inevitable breakage. | |
def configure_args | |
%W[ | |
--prefix=#{prefix} | |
--openssldir=#{openssldir} | |
no-ssl2 | |
no-ssl3 | |
no-zlib | |
shared | |
enable-cms | |
] | |
end | |
def install | |
# This could interfere with how we expect OpenSSL to build. | |
ENV.delete("OPENSSL_LOCAL_CONFIG_DIR") | |
# This ensures where Homebrew's Perl is needed the Cellar path isn't | |
# hardcoded into OpenSSL's scripts, causing them to break every Perl update. | |
# Whilst our env points to opt_bin, by default OpenSSL resolves the symlink. | |
ENV["PERL"] = Formula["perl"].opt_bin/"perl" if which("perl") == Formula["perl"].opt_bin/"perl" | |
arch_args = %W[darwin64-#{Hardware::CPU.arch}-cc enable-ec_nistp_64_gcc_128] | |
ENV.deparallelize | |
system "perl", "./Configure", *(configure_args + arch_args) | |
system "make" | |
system "make", "test" | |
system "make", "install", "MANDIR=#{man}", "MANSUFFIX=ssl" | |
end | |
def openssldir | |
etc/"openssl@1.0" | |
end | |
def post_install | |
keychains = %w[ | |
/System/Library/Keychains/SystemRootCertificates.keychain | |
] | |
certs_list = `security find-certificate -a -p #{keychains.join(" ")}` | |
certs = certs_list.scan( | |
/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m, | |
) | |
valid_certs = certs.select do |cert| | |
IO.popen("#{bin}/openssl x509 -inform pem -checkend 0 -noout >/dev/null", "w") do |openssl_io| | |
openssl_io.write(cert) | |
openssl_io.close_write | |
end | |
$CHILD_STATUS.success? | |
end | |
openssldir.mkpath | |
(openssldir/"cert.pem").atomic_write(valid_certs.join("\n") << "\n") | |
end | |
def caveats | |
<<~EOS | |
A CA file has been bootstrapped using certificates from the system | |
keychain. To add additional certificates, place .pem files in | |
#{openssldir}/certs | |
and run | |
#{opt_bin}/c_rehash | |
EOS | |
end | |
test do | |
# Make sure the necessary .cnf file exists, otherwise OpenSSL gets moody. | |
assert_predicate HOMEBREW_PREFIX/"etc/openssl@1.0/openssl.cnf", :exist?, | |
"OpenSSL requires the .cnf file for some functionality" | |
# Check OpenSSL itself functions as expected. | |
(testpath/"testfile.txt").write("This is a test file") | |
expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249" | |
system bin/"openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt" | |
open("checksum.txt") do |f| | |
checksum = f.read(100).split("=").last.strip | |
assert_equal checksum, expected_checksum | |
end | |
end | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment