OpenSSL and Mac OS X



  • Hello,

    Most of you know that OpenSSL libraries on Mac OS X are outdated. It may not be a big security issue, but it creates SSL errors when browsing internet. I read through these forums and other places and decided to update OpenSSL libraries on my Mac then linking them to Qt so when I make a distributable package it comes with updated OpenSSL libraries.

    I followed the instructions on this page and updated my OpenSSL packages using Homebrew and put them to the system place /usr/bin/openssl so system use them as default OpenSSL libraries.

    Then I complied Qt 5.5.0 RC from source ./configure -linked-openssl -prefix ~/Qt5.5.0-RC

    It all went fine. After compile finished I used CMake to build the application then used macdeployqt to make a Mac package.

    But when I try my package in a VM which contains outdated OpenSSL libraries (0.9.8y), I saw that application uses the system libraries, not the updated ones (1.0.2c).

    So what am I missing? I want to include updated OpenSSL libraries in my package.



  • It sounds like it is using shared openssl instead of statically linked. I can't tell from the link you posted if the update procedure for openssl installs the static libs. Make sure you have them in the openssl lib directory, and make sure the Qt build finds them by using OPENSSL_LIBS="-L<your_path_to_openssl_lib> -lcrypto -lssl" in configure options. That works on Windows for Qt 5.4.2, I don't know if it is the same on Mac with Qt 5.5.0. Your configure option is different than I use (I use -openssl-linked instead of -linked-openssl), so other things may be different, as well.
    Paul



  • Thanks for your help. I used -openssl-linked too, I just made typing error :) After a couple of days of trying and lots of research on internet, I finally succeeded.

    I have read that on Mac OS X you should omit -L, -lcrypto and -lssl because XCode doesn’t understand that as it should be. Instead you must give direct path to libssl.a and libcrypto.a static libs. So I -kind of- followed that advice and use this command.

    OPENSSL_LIBS="/usr/local/Cellar/openssl/1.0.2c/lib/libcrypto.a /usr/local/Cellar/openssl/1.0.2c/lib/libssl.a -lcrypto -lssl" ./configure -v -nomake examples -nomake tests -openssl-linked -prefix ~/Qt5.5.0-RC

    I advice Mac users who are in same situation as me to try either OPENSSL_LIBS="<your_path_to_libcrypto.a> <your_path_to_libssl.a> -lcrypto -lssl" or OPENSSL_LIBS="<your_path_to_libcrypto.a> <your_path_to_libssl.a>"


  • Lifetime Qt Champion

    Hi and welcome to devnet,

    IIRC starting with Qt 5.5.0, you can use OS X/iOS native backend in place of OpenSSL but you have to rebuild Qt for that.



  • Thanks for the info. I read that this is going to be default in Qt 5.6. So how can I build Qt for this? Is regular build without -openssl-linked parameter enable this function?


  • Lifetime Qt Champion

    IIRC you must use the securetransport option



  • Thanks, -no-openssl -securetransport works. Now I can use Mac OS X native secure transport instead of OpenSSL.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.