It's strange that this thread is coming up now because I've been working on a patch to implement #4 for the past couple of weeks. My motivation for doing so was to have integration with the macOS Keychain and gain the ability to pull client certificates from it rather than having to load them from a PEM file on disk. I had completely forgotten about the deprecation and omission of OpenSSL on macOS and the requirement that projects now include their own OpenSSL binaries. It seems that my patch ought to help out with that too.

https://developer.apple.com/library/content/documentation/Security/Conceptual/cryptoservices/SecureNetworkCommunicationAPIs/SecureNetworkCommunicationAPIs.html

I need to do a bit more testing, but if there is community interest, I'd be happy to accelerate my plans and submit a patch to Dr. Hipp soon.

Ryan

> On Apr 12, 2017, at 9:02 PM, Guy Harris <[email protected]> wrote:
>
> On Apr 12, 2017, at 8:46 PM, Richard Hipp <[email protected]> wrote:
>
>> OK, can you suggest a fix for getting the build to work correctly on
>> your machine?
>
> 1) Try to convince Apple to provide OpenSSL header files - perhaps by
> convincing them to implement the OpenSSL API atop their own SSL code, as I
> think they really want everybody to use their SSL code, the fact that this
> isn't going to work well with all the non-macOS-specific free software out
> there notwithstanding.
>
> 2) Try to build on a machine running a version of the OS that has the OpenSSL
> headers (meaning "not Sierra, and possibly not some earlier versions" - I
> don't remember whether it was Sierra or El Capitan or Yosemite or even
> earlier when they got rid of the OpenSSL headers).
>
> 3) Ship it as an installer package that includes both the Fossil binary and a
> version of OpenSSL, and have the package install the binary in /usr/local/bin
> and the OpenSSL libraries in /usr/local/lib.
>
> 4) Try to use Apple's APIs on macOS and OpenSSL everywhere else (if that's
> possible, and if Apple's APIs are available on all the OS versions you want
> to support).
>
> 5) Abandon the attempt to provide binaries and require that people build from
> source.
>
> I'm getting it to work on my machine by just building and installing OpenSSL
> from source, and then building Fossil from source.
>
> I suspect 1) isn't going to work, and 4) might be a pain. (I may try to dive
> into that pool of pain anyway with tcpdump, which uses OpenSSL APIs for some
> crypto purposes.)
> _______________________________________________
> fossil-users mailing list
> [email protected]
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

