OpenSSL 1.1 on OSX

Grahame Grieve grahame at
Sat Nov 20 02:36:15 UTC 2021

> The problem is that symlinking doesn't work in this case. Sure, I can
> install OpenSSL, and then it works. For me. But I'm trying to distribute an
> application, and to do that on modern Macs, I need a hardened run time. And
> the rule for that is that all code your application uses must be signed
> either by you or by Apple.
> It is trivial to install OpenSSL-1.1.1 via Macports, and build/link an app
> with hardened run time against it.

Well, I'm sure it's due to my own deficiencies, but I'm not finding it all
trivial to produce an app with a hardened run time that works with openssl.

> XCode offers an option to embed and sign the libraries you’re linking
> against.

Unfortunately, I'm not using XCode, since I'm writing a cross-platform app.
That's ok - I figured out how to embed and sign the libraries myself.
Only... that wasn't enough in this specific case, because of a specific
OSX rule for OpenSSL.

> Another option is to state in the docs that this app depends on user
> installing Macports port “openssl11”.

Only, this is not an option. At least not experimentally, nor based on this:

"Hardened Runtime only allows executables to load code that has been
code-signed by the same team, or by Apple"

( - not explicit Apple documentation, but matches my testing)

