class Openssl < Formula desc "OpenSSL SSL/TLS cryptography library" homepage "https://openssl.org/" url "https://www.openssl.org/source/openssl-1.0.2d.tar.gz" mirror "https://dl.bintray.com/homebrew/mirror/openssl-1.0.2d.tar.gz" mirror "https://www.mirrorservice.org/sites/ftp.openssl.org/source/openssl-1.0.2d.tar.gz" sha256 "671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8" revision 1 bottle do sha256 "b0d8d2082ec30add6327f50ade554a9d45c09ef04b9086a4b779bb7d5816794b" => :el_capitan sha256 "65de00409343fb371a065ae514da7a6cbf4f575dee9e0016bd22baccd5b644fa" => :yosemite sha256 "ec0a2591aca21c855790464f691db864d5180cb8ae97c68429ca31560fd5fd29" => :mavericks sha256 "cc001abc92c0991bef7817cd88c078f8110354d1529a194a4b2e16e5e09cbeca" => :mountain_lion end option :universal option "without-check", "Skip build-time tests (not recommended)" depends_on "makedepend" => :build keg_only :provided_by_osx, "Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries" def arch_args { :x86_64 => %w[darwin64-x86_64-cc enable-ec_nistp_64_gcc_128], :i386 => %w[darwin-i386-cc] } end def configure_args; %W[ --prefix=#{prefix} --openssldir=#{openssldir} no-ssl2 zlib-dynamic shared enable-cms ] end def install if build.universal? ENV.permit_arch_flags archs = Hardware::CPU.universal_archs elsif MacOS.prefer_64_bit? archs = [Hardware::CPU.arch_64_bit] else archs = [Hardware::CPU.arch_32_bit] end dirs = [] archs.each do |arch| if build.universal? dir = "build-#{arch}" dirs << dir mkdir dir mkdir "#{dir}/engines" system "make", "clean" end ENV.deparallelize system "perl", "./Configure", *(configure_args + arch_args[arch]) system "make", "depend" system "make" if (MacOS.prefer_64_bit? || arch == MacOS.preferred_arch) && build.with?("check") system "make", "test" end if build.universal? cp Dir["*.?.?.?.dylib", "*.a", "apps/openssl"], dir cp Dir["engines/**/*.dylib"], "#{dir}/engines" end end system "make", "install", "MANDIR=#{man}", "MANSUFFIX=ssl" if build.universal? %w[libcrypto libssl].each do |libname| system "lipo", "-create", "#{dirs.first}/#{libname}.1.0.0.dylib", "#{dirs.last}/#{libname}.1.0.0.dylib", "-output", "#{lib}/#{libname}.1.0.0.dylib" system "lipo", "-create", "#{dirs.first}/#{libname}.a", "#{dirs.last}/#{libname}.a", "-output", "#{lib}/#{libname}.a" end Dir.glob("#{dirs.first}/engines/*.dylib") do |engine| libname = File.basename(engine) system "lipo", "-create", "#{dirs.first}/engines/#{libname}", "#{dirs.last}/engines/#{libname}", "-output", "#{lib}/engines/#{libname}" end system "lipo", "-create", "#{dirs.first}/openssl", "#{dirs.last}/openssl", "-output", "#{bin}/openssl" end end def openssldir etc/"openssl" end def post_install keychains = %w[ /Library/Keychains/System.keychain /System/Library/Keychains/SystemRootCertificates.keychain ] certs_list = `security find-certificate -a -p #{keychains.join(" ")}` certs = certs_list.scan( /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m ) valid_certs = certs.select do |cert| IO.popen("openssl x509 -inform pem -checkend 0 -noout", "w") do |openssl_io| openssl_io.write(cert) openssl_io.close_write end $?.success? end openssldir.mkpath (openssldir/"cert.pem").atomic_write(valid_certs.join("\n")) end def caveats; <<-EOS.undent A CA file has been bootstrapped using certificates from the system keychain. To add additional certificates, place .pem files in #{openssldir}/certs and run #{opt_bin}/c_rehash EOS end test do # Make sure the necessary .cnf file exists, otherwise OpenSSL gets moody. assert (HOMEBREW_PREFIX/"etc/openssl/openssl.cnf").exist?, "OpenSSL requires the .cnf file for some functionality" # Check OpenSSL itself functions as expected. (testpath/"testfile.txt").write("This is a test file") expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249" system "#{bin}/openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt" open("checksum.txt") do |f| checksum = f.read(100).split("=").last.strip assert_equal checksum, expected_checksum end end end