<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><div><p class=MsoNormal style='margin-left:.5in'>The problem is that symlinking doesn't work in this case. Sure, I can install openSSL, and then it works. For me. But I'm trying to distribute an application, and to do that on modern macs, I need a hardened run time. And the rule for that is that all code your application uses must be signed either by you or by apple. <o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><p class=MsoNormal><span style='color:#0070C0'>It is trivial to install OpenSSL-1.1.1 via Macports, and build/link an app with hardened run time against it. XCode offers an option to embed and sign the libraries you’re linking against.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#0070C0'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#0070C0'>Another option is to state in the docs that this app depends on user installing Macports port “openssl11”.</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#0070C0'>If neither option is sufficient, I can’t help you, sorry.<o:p></o:p></span></p><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-left:.5in'>On Sat, Nov 20, 2021 at 5:28 AM Blumenthal, Uri - 0553 - MITLL <<a href="mailto:uri@ll.mit.edu">uri@ll.mit.edu</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><p class=MsoNormal style='margin-left:.5in'>Here's how Macports did it:<br><br>1. Installed OpenSSL-1.1.1 into /opt/local/libexec/openssl11;<br>2. Installed OpenSSL-3.0.0 into /opt/local/libexec/openssl3;<br>3. Symlinked OpenSSL-3.0.0 libraries into /opt/local/lib (primary directory where stuff lives);<br><br>I added symlinking /opt/local/libexec/openssl11/lib/libcrypto.1.1.dylib into /opt/local/lib too.<br><br>This allows compiling new apps against OpenSSL-1.1.1 in /opt/local/libexec/openssl11. Old binaries do not need to be recompiled, as they can find libcrypto.1.1.dylib and libssl.1.1.dylib in the "standard" location (/opt/local/lib).<br><br>Hope this helps.<br>--<br>Regards,<br>Uri<br><br>There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.<br>The other is to make it so complex there are no obvious deficiencies.<br> - C. A. R. Hoare<br><br><br>On 11/19/21, 13:16, "openssl-users on behalf of Viktor Dukhovni" <<a href="mailto:openssl-users-bounces@openssl.org" target="_blank">openssl-users-bounces@openssl.org</a> on behalf of <a href="mailto:openssl-users@dukhovni.org" target="_blank">openssl-users@dukhovni.org</a>> wrote:<br><br> On Fri, Nov 19, 2021 at 05:36:24PM +1100, Grahame Grieve wrote:<br><br> > It's very definitely something active that OSX is doing. Here's an OSX<br> > error generated:<br> > <br> > System Integrity Protection: enabled<br> > <br> > Crashed Thread: 0 Dispatch queue: com.apple.main-thread<br> > <br> > Exception Type: EXC_CRASH (SIGABRT)<br> > Exception Codes: 0x0000000000000000, 0x0000000000000000<br> > Exception Note: EXC_CORPSE_NOTIFY<br> > <br> > Application Specific Information:<br> > abort() called<br> > Invalid dylib load. Clients should not load the unversioned libcrypto<br> > dylib as it does not have a stable ABI.<br><br> Well, I think that's evidence of confusion about which "libcrypto" to<br> load. It sure seems that you're trying to load the default system<br> libcrypto, not the one in the application bundle.<br><br> You should probably arrange to "salt" the names of the libssl and<br> libcrypto libraries used by your application, so that there can't<br> be any confusion with the platform's libssl and libcrypto.<br><br> May also need to do something to avoid symbol name collisions, but I<br> haven't looked into how that works on Darwin, so can't offer specific<br> advice.<br><br> -- <br> Viktor.<o:p></o:p></p></blockquote></div><p class=MsoNormal style='margin-left:.5in'><br clear=all><o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:.5in'>-- <o:p></o:p></p><div><div><p class=MsoNormal style='margin-left:.5in'>-----<br><a href="http://www.healthintersections.com.au" target="_blank">http://www.healthintersections.com.au</a> / <a href="mailto:grahame@healthintersections.com.au" target="_blank">grahame@healthintersections.com.au</a> / +61 411 867 065<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'><span style='font-family:"Arial",sans-serif;color:#222222'>Benson & Grieve: Principles of Health Interoperability (Health Information Technology Standards), 4th ed</span><span style='color:#222222'> </span><span style='font-family:"Arial",sans-serif;color:#222222'>- </span><span style='font-family:"Arial",sans-serif'><a href="http://www.springer.com/978-3-030-56882-5" target="_blank"><span style='color:#1155CC'>http://www.springer.com/978-3-030-56882-5</span></a></span><o:p></o:p></p></div></div></div></div></body></html>