Apple removed the OpenSSL header files in “El Capitan”, making it hard to build OpenSSL-dependent libraries without modifying your system a little bit.
Ready? Now, repeat after me:
$ brew doctor (now fix anything that it tells you to fix) $ brew update $ brew upgrade
We’re just warming up with all that; it’s good to stay current with things like OpenSSL, which tends to go stale fast. Now let’s install it:
$ brew install openssl
And now we’ll link it into our public area so you don’t have to figure out the magic environment variable to set while building your favorite OpenSSL-backed library:
$ cd /usr/local/include $ ln -s ../opt/openssl/include/openssl .
If you use the
openssl utility, prepend
/usr/local/opt/openssl/bin to your
$PATH environment variable.
All done! Now you have an OpenSSL installed that you can build against easily and will stay up to date as often as you run
brew update and
Update: 13 June 2017
I have found in some cases that the library path must also be amended. I haven’t figured this one out yet in the general case, but this always works, even though it’s a mess:
$ cd /usr/local/lib $ $ for i in ../opt/openssl/lib/lib*; do ln -vs $i .; done ./libcrypto.1.0.0.dylib -> ../opt/openssl/lib/libcrypto.1.0.0.dylib ./libcrypto.a -> ../opt/openssl/lib/libcrypto.a ./libcrypto.dylib -> ../opt/openssl/lib/libcrypto.dylib ./libssl.1.0.0.dylib -> ../opt/openssl/lib/libssl.1.0.0.dylib ./libssl.a -> ../opt/openssl/lib/libssl.a ./libssl.dylib -> ../opt/openssl/lib/libssl.dylib
This creates links to libcrypto and libssl so that linker instructions (
-lcrypto) can find these libraries without having to add a
-L/usr/local/opt/openssl/include, which for recursive builds is language and package dependent. Your input is welcome!
Update: 26 August 2017
An alert reader points out that brew advises against creating links:
$ brew link openssl --force Warning: Refusing to link: openssl Linking keg-only openssl means you may end up linking against the insecure, deprecated system OpenSSL while using the headers from Homebrew's openssl. Instead, pass the full include/library paths to your compiler e.g.: -I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib"
This is good advice. Unfortunately not all software allows you to pass in these options.
I recognize this is the canonical way (along with a variety of environment variables—I’ve been building C libraries since the 90s) but for the cases where this is not possible, I wrote this tutorial.
Last modified on 2015-12-08