升级Mac自带的openssl

Corwien
由于Mac自带的 openssl 太老了,所以,这里因为安装python扩展包需要升级到高版本,所以,总结下升级过程。

一、安装openssl

首先,来看看我们的openssl 的版本和目录:

➜  ~ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

➜  ~ which openssl
/usr/bin/openssl
➜  ~

通过上面的查看,明显我们的版本号太低了。

按照上面的步骤,我们首先更新homebrew

brew update

安装:

brew install openssl

# 重新安装
# brew reinstall openssl

安装成功后:

~ brew reinstall openssl
==> Reinstalling openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2p.el_capitan.bottle.tar.gz
Already downloaded: /Users/kaiyiwang/Library/Caches/Homebrew/downloads/96bc2acd84d0fe609dcbe4c6436c864808f7e8f26f2f12111f552f5972c3840a--openssl-1.0.2p.el_capitan.bottle.tar.gz
==> Pouring openssl-1.0.2p.el_capitan.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

openssl is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.

If you need to have openssl first in your PATH run:
  echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.zshrc

For compilers to find openssl you may need to set:
  export LDFLAGS="-L/usr/local/opt/openssl/lib"
  export CPPFLAGS="-I/usr/local/opt/openssl/include"

==> Summary
🍺  /usr/local/Cellar/openssl/1.0.2p: 1,793 files, 12.2MB

说明我们成功的将openssl安装到/usr/local/Cellar/openssl/1.0.2p

二、更换旧的

不过,我们还有最后一步,那就是当我们使用openssl时,使用的是我们用homebrew新下载的openssl。为了达到这个目的,我们有两种方法。

将homebrew下载的openssl软链接/usr/bin/openssl目录下。这里,我们先将它保存一份老的,然后再软链接新下载的。


$ mv /usr/bin/openssl /usr/bin/openssl_old
mv: rename /usr/bin/openssl to /usr/bin/openssl_old: Operation not permitted
$ ln -s /usr/local/Cellar/openssl/1.0.2p/bin/openssl /usr/bin/openssl
ln: /usr/bin/openssl: Operation not permitted

Operation not permitted提示没有权限操作,对/usr/bin目录下的东西,我已经遇到过几次这个问题了,于是继续google,在stackoverflow上找到了Operation Not Permitted when on root El capitan (rootless disabled)

重启系统,当启动的时候我们同时按下cmd+r进入Recovery模式,之后选择实用工具 => 终端,在终端输入如下命令,接口文件系统的锁定,并且重启电脑(cmd+r后,会进入另外一个选择系统启动的界面,在这个界面里面不要马上重新启动,先找到终端,在終端中输入csrutil disable):

$ csrutil disable
$ reboot

最后,我们执行前面两个命令,查看版本。

$ sudo mv /usr/bin/openssl /usr/bin/openssl_old
$ sudo ln -s /usr/local/Cellar/openssl/1.0.2p/bin/openssl /usr/bin/openssl
$ openssl version
OpenSSL 1.0.2p  14 Aug 2018

➜  ~ which openssl
/usr/local/opt/openssl/bin/openssl

clipboard.png

这样,我们的openssl升级成功了。不过,为了安全起见,我还是重新启动电脑,然后重新开启了csrutil。

csrutil enable
reboot

参考文章:
Mac升级openssl

阅读 12.4k

Corwien
为者常成,行者常至!

为者常成,行者常至。

6.3k 声望
1.6k 粉丝
0 条评论

为者常成,行者常至。

6.3k 声望
1.6k 粉丝
文章目录
宣传栏