OpenSSL 1.1 on OSX

Blumenthal, Uri - 0553 - MITLL uri at
Fri Nov 19 18:28:23 UTC 2021

Here's how Macports did it:

1. Installed OpenSSL-1.1.1 into /opt/local/libexec/openssl11;
2. Installed OpenSSL-3.0.0 into /opt/local/libexec/openssl3;
3. Symlinked OpenSSL-3.0.0 libraries into /opt/local/lib (primary directory where stuff lives);

I added symlinking /opt/local/libexec/openssl11/lib/libcrypto.1.1.dylib into /opt/local/lib too.

This allows compiling new apps against OpenSSL-1.1.1 in /opt/local/libexec/openssl11. Old binaries do not need to be recompiled, as they can find libcrypto.1.1.dylib and libssl.1.1.dylib in the "standard" location (/opt/local/lib).

Hope this helps.
There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare

On 11/19/21, 13:16, "openssl-users on behalf of Viktor Dukhovni" <openssl-users-bounces at on behalf of openssl-users at> wrote:

    On Fri, Nov 19, 2021 at 05:36:24PM +1100, Grahame Grieve wrote:

    > It's very definitely something active that OSX is doing. Here's an OSX
    > error generated:
    > System Integrity Protection: enabled
    > Crashed Thread:        0  Dispatch queue:
    > Exception Type:        EXC_CRASH (SIGABRT)
    > Exception Codes:       0x0000000000000000, 0x0000000000000000
    > Exception Note:        EXC_CORPSE_NOTIFY
    > Application Specific Information:
    > abort() called
    > Invalid dylib load. Clients should not load the unversioned libcrypto
    > dylib as it does not have a stable ABI.

    Well, I think that's evidence of confusion about which "libcrypto" to
    load.  It sure seems that you're trying to load the default system
    libcrypto, not the one in the application bundle.

    You should probably arrange to "salt" the names of the libssl and
    libcrypto libraries used by your application, so that there can't
    be any confusion with the platform's libssl and libcrypto.

    May also need to do something to avoid symbol name collisions, but I
    haven't looked into how that works on Darwin, so can't offer specific

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list