So I did end up statically binding openSSL into my application - thanks for
the suggestion.
Still, it seems to me that a note in the install/build instructions under
macos saying that the default dylibs are not compatible with the rules for
hardened applications would be a nice thing for developer
Which is indeed what I do in our notarized MacOsX and iOS applications.
However to do so, I have historically needed to clean up OpenSSL source
code to actually behave as a proper static library where only used
functions are linked in. Most notably, the source files named xxx_lib.c
tend to ca
An alternative would be to statically link libssl and libcrypto. No
more dependencies.
Pauli
On 20/11/21 3:48 pm, Viktor Dukhovni wrote:
On Sat, Nov 20, 2021 at 01:38:39PM +1100, Grahame Grieve wrote:
I agree it's sure not a core openSSL issue. But surely lots of people
want to use openSSL
您好,您的邮件我已收到,我会尽快阅读,谢谢!
On Sat, Nov 20, 2021 at 01:38:39PM +1100, Grahame Grieve wrote:
> I agree it's sure not a core openSSL issue. But surely lots of people
> want to use openSSL in cross platform apps and openSSL is interested
> in adoption issues?
Most of the users here are building applications that are not notari
>
> > And the rule for that is that all code your application uses must be
> > signed either by you or by apple. I can include both openSSL dylibs in
> > my .app package, and sign all that, but the way libssl loads libcrypto
> > seems to not meet those rules - which specifically exclude symlinking
>
>
> The problem is that symlinking doesn't work in this case. Sure, I can
> install openSSL, and then it works. For me. But I'm trying to distribute an
> application, and to do that on modern macs, I need a hardened run time. And
> the rule for that is that all code your application uses must be
On Sat, Nov 20, 2021 at 06:14:30AM +1100, Grahame Grieve wrote:
> And the rule for that is that all code your application uses must be
> signed either by you or by apple. I can include both openSSL dylibs in
> my .app package, and sign all that, but the way libssl loads libcrypto
> seems to not me
The problem is that symlinking doesn't work in this case. Sure, I can install
openSSL, and then it works. For me. But I'm trying to distribute an
application, and to do that on modern macs, I need a hardened run time. And the
rule for that is that all code your application uses must be signed ei
The problem is that symlinking doesn't work in this case. Sure, I can
install openSSL, and then it works. For me. But I'm trying to distribute an
application, and to do that on modern macs, I need a hardened run time. And
the rule for that is that all code your application uses must be signed
eithe
Here's how Macports did it:
1. Installed OpenSSL-1.1.1 into /opt/local/libexec/openssl11;
2. Installed OpenSSL-3.0.0 into /opt/local/libexec/openssl3;
3. Symlinked OpenSSL-3.0.0 libraries into /opt/local/lib (primary directory
where stuff lives);
I added symlinking /opt/local/libexec/openssl11/l
On Fri, Nov 19, 2021 at 05:36:24PM +1100, Grahame Grieve wrote:
> It's very definitely something active that OSX is doing. Here's an OSX
> error generated:
>
> System Integrity Protection: enabled
>
> Crashed Thread:0 Dispatch queue: com.apple.main-thread
>
> Exception Type:EXC
I don't use Brew. I've installed OpenSSL-1.1.1 (and 3.0.0) via Macports, and
have no problem linking and running apps against 1.1.1.
--
Regards,
Uri
There are two ways to design a system. One is to make is so simple there are
obviously no deficiencies.
The other is to make it so complex there
On Friday, 19 November 2021 07:36:24 CET, Grahame Grieve wrote:
It's very definitely something active that OSX is doing. Here's
an OSX error generated:
System Integrity Protection: enabled
Crashed Thread:0 Dispatch queue: com.apple.main-thread
Exception Type:EXC_CRASH (SIGABR
It's very definitely something active that OSX is doing. Here's an OSX
error generated:
System Integrity Protection: enabled
Crashed Thread:0 Dispatch queue: com.apple.main-thread
Exception Type:EXC_CRASH (SIGABRT)
Exception Codes: 0x, 0x
Ex
您好,您的邮件我已收到,我会尽快阅读,谢谢!
On Fri, Nov 19, 2021 at 04:31:26PM +1100, Grahame Grieve wrote:
> I'm trying to get my application that uses openSSL 1.1 running on OSX. I've
> installed them using homebrew, but I can't get past Apple's gates around
> blocking use of openSSL.
I don't think they're actively doing blocking here, t
I'm trying to get my application that uses openSSL 1.1 running on OSX. I've
installed them using homebrew, but I can't get past Apple's gates around
blocking use of openSSL. I've copied both dylibs into my app
/Contents/MacOS folder, and signed both of them, and I load them from the
that location,
18 matches
Mail list logo
