99 lines
3.3 KiB
Ruby
99 lines
3.3 KiB
Ruby
# This formula tracks 1.0.2 branch of OpenSSL, not the 1.1.0 branch. Due to
|
|
# significant breaking API changes in 1.1.0 other formulae will be migrated
|
|
# across slowly, so core will ship `openssl` & `openssl@1.1` for foreseeable.
|
|
class Openssl < Formula
|
|
desc "SSL/TLS cryptography library"
|
|
homepage "https://openssl.org/"
|
|
url "https://www.openssl.org/source/openssl-1.0.2r.tar.gz"
|
|
mirror "https://dl.bintray.com/homebrew/mirror/openssl--1.0.2r.tar.gz"
|
|
mirror "https://www.mirrorservice.org/sites/ftp.openssl.org/source/openssl-1.0.2r.tar.gz"
|
|
sha256 "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
|
|
|
|
bottle do
|
|
sha256 "c1f8c06740398325c7028213b20b18c5de39763fbc81e5819c78a06ee0621170" => :mojave
|
|
sha256 "2b68bd92c0c2faea5a1e70cc57a2403482ab2d83d0201bb42016c57c754427a5" => :high_sierra
|
|
sha256 "02c6161715bd1bdb45e6f922615c97f420c852b28ea0865d39ff8db6d8e70678" => :sierra
|
|
end
|
|
|
|
keg_only :provided_by_macos,
|
|
"Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries"
|
|
|
|
def install
|
|
# OpenSSL will prefer the PERL environment variable if set over $PATH
|
|
# which can cause some odd edge cases & isn't intended. Unset for safety,
|
|
# along with perl modules in PERL5LIB.
|
|
ENV.delete("PERL")
|
|
ENV.delete("PERL5LIB")
|
|
|
|
ENV.deparallelize
|
|
args = %W[
|
|
--prefix=#{prefix}
|
|
--openssldir=#{openssldir}
|
|
no-ssl2
|
|
no-ssl3
|
|
no-zlib
|
|
shared
|
|
enable-cms
|
|
darwin64-x86_64-cc
|
|
enable-ec_nistp_64_gcc_128
|
|
]
|
|
system "perl", "./Configure", *args
|
|
system "make", "depend"
|
|
system "make"
|
|
system "make", "test"
|
|
system "make", "install", "MANDIR=#{man}", "MANSUFFIX=ssl"
|
|
end
|
|
|
|
def openssldir
|
|
etc/"openssl"
|
|
end
|
|
|
|
def post_install
|
|
keychains = %w[
|
|
/System/Library/Keychains/SystemRootCertificates.keychain
|
|
]
|
|
|
|
certs_list = `security find-certificate -a -p #{keychains.join(" ")}`
|
|
certs = certs_list.scan(
|
|
/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m,
|
|
)
|
|
|
|
valid_certs = certs.select do |cert|
|
|
IO.popen("#{bin}/openssl x509 -inform pem -checkend 0 -noout", "w") do |openssl_io|
|
|
openssl_io.write(cert)
|
|
openssl_io.close_write
|
|
end
|
|
|
|
$CHILD_STATUS.success?
|
|
end
|
|
|
|
openssldir.mkpath
|
|
(openssldir/"cert.pem").atomic_write(valid_certs.join("\n") << "\n")
|
|
end
|
|
|
|
def caveats; <<~EOS
|
|
A CA file has been bootstrapped using certificates from the SystemRoots
|
|
keychain. To add additional certificates (e.g. the certificates added in
|
|
the System keychain), place .pem files in
|
|
#{openssldir}/certs
|
|
|
|
and run
|
|
#{opt_bin}/c_rehash
|
|
EOS
|
|
end
|
|
|
|
test do
|
|
# Make sure the necessary .cnf file exists, otherwise OpenSSL gets moody.
|
|
assert_predicate HOMEBREW_PREFIX/"etc/openssl/openssl.cnf", :exist?,
|
|
"OpenSSL requires the .cnf file for some functionality"
|
|
|
|
# Check OpenSSL itself functions as expected.
|
|
(testpath/"testfile.txt").write("This is a test file")
|
|
expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249"
|
|
system "#{bin}/openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt"
|
|
open("checksum.txt") do |f|
|
|
checksum = f.read(100).split("=").last.strip
|
|
assert_equal checksum, expected_checksum
|
|
end
|
|
end
|
|
end
|