Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Build latest OpenSSL Universal Binary on OSX
#!/bin/bash
OPENSSL_VERSION="1.0.1g"
curl -O http://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz
tar -xvzf openssl-$OPENSSL_VERSION.tar.gz
mv openssl-$OPENSSL_VERSION openssl_i386
tar -xvzf openssl-$OPENSSL_VERSION.tar.gz
mv openssl-$OPENSSL_VERSION openssl_x86_64
cd openssl_i386
./Configure darwin-i386-cc -shared
make
cd ../
cd openssl_x86_64
./Configure darwin64-x86_64-cc -shared
make
cd ../
lipo -create openssl_i386/libcrypto.1.0.0.dylib openssl_x86_64/libcrypto.1.0.0.dylib -output libcrypto.1.0.0.dylib
lipo -create openssl_i386/libssl.1.0.0.dylib openssl_x86_64/libssl.1.0.0.dylib -output libssl.1.0.0.dylib
rm openssl-$OPENSSL_VERSION.tar.gz
@bugQ

This comment has been minimized.

Copy link

@bugQ bugQ commented Mar 9, 2012

Huh, didn't think it was that easy...

@DrLou

This comment has been minimized.

Copy link

@DrLou DrLou commented Jan 7, 2013

Just used this recipe for successful build of VERSION=1.0.1c - worked great.
Small note: I directed output directly to /usr/local/lib.
Super Notes, Thanks!

@toshiyukihina

This comment has been minimized.

Copy link

@toshiyukihina toshiyukihina commented Aug 24, 2013

Good recipe, Thanks!

@tmiz

This comment has been minimized.

Copy link
Owner Author

@tmiz tmiz commented Apr 12, 2014

I updated this snippet for security

@lyubod

This comment has been minimized.

Copy link

@lyubod lyubod commented May 17, 2014

Your script is quite good in many ways, for example it's nice that it downloads the source with curl.

But it strips the version number from the directory name, leaving only the CPU architecture. Might get confusing sometimes, if you build more than one version without deleting/moving/renaming the prior build. Why not add the variable OPENSSL_VERSION to the directory name, that way it's explicitly stated and unambiguous.

Also, notice how the output files have the wrong version: libcrypto.1.0.0.dylib (instead of 1.0.1). It's a tiny difference, but it's not just a name. I bet if you run otool -L on one of those .dylibs chances are it will also say 1.0.0 next to "compatibility version" - meaning code linked explicitly against 1.0.1 or higher could easily not run for this reason alone. Setting the correct version happens during the build, so it's a problem with the source, but better to fix it somehow, even hacking it manually into the Makefile works, if it's a one time fix.

also, your configure line is missing two useful parameters: --prefix= --openssldir=
--prefix= is the directory where the binary openssl and dylibs will end up, and --openssldir= is the directory where openssl.cnf lives.

And you seem to have missed the openssl binary, which the source builds in the apps subdirectory. Kind of useful, since it can calculate md5 and sha sums. But it has to be linked to the same version of libssl, so Apple's binary may or may not work with libssl 1.0.1 but the reverse is definitely unlikely. This is why the version numbers matter.

Oh, and since a lot of this software runs on arm (iphone,ipad) and at least until Mac OS X 10.5 on powerpc, two Intel compatible binaries is hardly universal :-) I wrote a similar script to compile openssl 1.0.1g for all 4 CPU architectures Xcode 3.1 on 10.5 handles - 32/64 bit PowerPC and 32/64 bit Intel. Not posted anywhere yet, but I can post it on Gist myself, and add the link if I can edit the comment later, or just in another separate comment.

@thierrymarianne

This comment has been minimized.

Copy link

@thierrymarianne thierrymarianne commented Sep 16, 2014

@lyubod, I would be very much interested in accessing your version of this gist.

@tmiz, thank you for having posted this gist! It helps A LOT!

@gahea

This comment has been minimized.

Copy link

@gahea gahea commented Oct 9, 2014

great! good work. but you should update ssl version to 1.0.1i

@bernardotorres

This comment has been minimized.

Copy link

@bernardotorres bernardotorres commented Dec 4, 2014

made some fixes based on @lyubod suggestions
I did not include other platforms by default since not all systems are prepared to build it, but if your system enables it, it's just a matter of adding to the PLATFORMS variable, using the platform name provided by ./Configure

@thehesiod

This comment has been minimized.

Copy link

@thehesiod thehesiod commented Feb 20, 2015

I suggest applying http://www.linuxfromscratch.org/patches/downloads/openssl/

I used patch -Np1 -i ...

@mbgearhead

This comment has been minimized.

Copy link

@mbgearhead mbgearhead commented Mar 19, 2015

I just forked and updated this gist to install latest openssl 0.9.8zf on OSX. For me, I am running 10.9.5 mavericks (due to application incompatibilities with 10.10) and this version requires version 0.9.8 for key app library support. Added commands to install the library over the system openssl.

@iEremin

This comment has been minimized.

Copy link

@iEremin iEremin commented Apr 11, 2015

I modified your script to make result library portable: https://bitbucket.org/snippets/Zifix/88ny/

@HarryStrand

This comment has been minimized.

Copy link

@HarryStrand HarryStrand commented Jul 14, 2015

You rock! I spent a frustrating afternoon trying to figure out how to build that, and I came across this 5 minutes before I was going to go home in disgust. Now I get to go home victorious! Thanks so much! I just wish I'd seen it earlier today!

@yoe

This comment has been minimized.

Copy link

@yoe yoe commented Sep 25, 2015

This thing misses one bit, arguably the most important one:

Download and verify security signatures.

For something crypto-related, this is an absolute must.

@AttitudeMonger

This comment has been minimized.

Copy link

@AttitudeMonger AttitudeMonger commented Jan 6, 2016

This was neat!

@Motti-Shneor

This comment has been minimized.

Copy link

@Motti-Shneor Motti-Shneor commented Apr 10, 2016

Many nice people here hinted on better build-scripts they've made... could one of you please spare a link?

I need: 1. shared (dylib) and static, OS-X only (actually 64bit is enough for me). I need to build relocatable dylibs (OS-X Frameworks) linked against openssl libs (libcrypto and libssl)

@suavesav

This comment has been minimized.

Copy link

@suavesav suavesav commented Apr 27, 2016

This is brilliant

@mynameisjohn

This comment has been minimized.

Copy link

@mynameisjohn mynameisjohn commented Jun 16, 2016

Thanks!

@mrsinghgit

This comment has been minimized.

Copy link

@mrsinghgit mrsinghgit commented Nov 16, 2016

@tmiz, great work buddy!!!
@lyubod, I am currently writing a script that compiles Openssl on standard Linux, ARM Linux, OS X. I would be very much interested in your version of this script. It will save me a lot of time. Thanks in advance.

@wuaschtikus

This comment has been minimized.

Copy link

@wuaschtikus wuaschtikus commented Dec 27, 2016

You may want to modify your curl request to curl -O -L http://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz. I had to struggle with a redirect -L automatically follows...

@sammcj

This comment has been minimized.

Copy link

@sammcj sammcj commented Jul 20, 2018

FYI as of the time of writing this the current openssl version is openssl-1.0.2o

@Blizzardo1

This comment has been minimized.

Copy link

@Blizzardo1 Blizzardo1 commented Aug 13, 2018

Although very old, I wonder if this could still work for Mac OS X 10.4 on PPC with openssl 1.1.1

@Abdelilahskali

This comment has been minimized.

Copy link

@Abdelilahskali Abdelilahskali commented Jul 26, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment