> > > The problem is that symlinking doesn't work in this case. Sure, I can
> install openSSL, and then it works. For me. But I'm trying to distribute an
> application, and to do that on modern macs, I need a hardened run time. And
> the rule for that is that all code your application uses must be signed
> either by you or by apple.
> > >
> It is trivial to install OpenSSL-1.1.1 via Macports, and build/link an app
> with hardened run time against it.
>
well, I'm sure it's due to my own deficiencies, but I'm not finding it at all
trivial to produce an app with a hardened run time that works with openssl.

> XCode offers an option to embed and sign the libraries you’re linking
> against.
>

unfortunately, I'm not using XCode, since I'm writing a cross-platform app.
That's ok - I figured out how to embed and sign the libraries myself.
Only... that wasn't enough in this specific case, because of a specific OSX
rule for openSSL.

> Another option is to state in the docs that this app depends on user
> installing Macports port “openssl11”.
>

Only, this is not an option. At least not experimentally, nor based on this:

" Hardened Runtime only allows executables to load code that has been
code-signed by the same team, or by Apple"

(https://developer.apple.com/forums/thread/112825 - not explicit Apple
documentation, but matches my testing)

Grahame