Asked 30/7, 2016 at 4:18 Answered 3/11, 2020 at 14:19

174

I'm on: OSX 10.11.6, Homebrew version 0.9.9m OpenSSL 0.9.8zg 14 July 2015

I'm trying to play with with dotnetcore and by following their instructions,

I've upgraded/installed the latest version of openssl:

> brew install openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2h_1.el_capitan.bottle.tar.gz
Already downloaded: /Users/administrator/Library/Caches/Homebrew/openssl-1.0.2h_1.el_capitan.bottle.tar.gz
==> Pouring openssl-1.0.2h_1.el_capitan.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local.

Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:

    LDFLAGS:  -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include

But when I try to link openssl I continue to run into this linking error:

> brew link --force openssl
Warning: Refusing to link: openssl
Linking keg-only OpenSSL means you may end up linking against the insecure,
deprecated system version while using the headers from the Homebrew version.
Instead, pass the full include/library paths to your compiler e.g.:
  -I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib

The option to include compiler flags doesn't make sense to me, since I'm not compiling these libraries that I'm dependent on.

EDIT dotnetcore has updated their instructions:

brew update    
brew install openssl    
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/    
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/

Tubulure answered 30/7, 2016 at 4:18 Comment(11)

For .NET Core you need a supported version of OpenSSL, which would be a 1.0.1 or 1.0.2 version. Since you're reporting a 0.9.8 version maybe you need to brew upgrade openssl first? – Pounds 30/7, 2016 at 5:32

I've already done that. I should have clarified, but I didn't add those steps to the question. But I've already done the brew update and brew install openssl. This is trying to install the supported version. – Tubulure 30/7, 2016 at 5:59

Looks like Homebrew has explicitly blocked it: github.com/Homebrew/brew/commit/…. – Pounds 30/7, 2016 at 6:10

Perhaps using a different HOMEBREW_PREFIX would work; but that's definitely beyond my experience. – Pounds 30/7, 2016 at 6:11

And.. to continue rounding out my rambling, you might be interested in whatever develops on github.com/Homebrew/brew/pull/597 – Pounds 30/7, 2016 at 6:28

"... when I try to link openssl I continue to run into this linking error:.." - Also see How to set the runtime path (-rpath) of an executable with gcc under Mac OSX?. It may help you always load the correct library at runtime, if Brew is not adding it. – Extinguish 30/7, 2016 at 11:53

@Pounds - the linking worked with 1.0.1 version. As per the commit you posted, which was just a few days ago, my guess is that the older versions have a different HOMEBREW_PREFIX. I'm good for now, but in the future I'll try your suggestion of trying a different prefix. – Tubulure 30/7, 2016 at 23:6

I tried most of the solutions on this page, and none worked. I was however able to get .Net core working with this solution: github.com/dotnet/cli/issues/3964#issuecomment-236485454 – Hightower 1/8, 2016 at 5:9

@PaulKeister's link to the github discussion worked for me. Basically just run:

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib

– Gunning 1/8, 2016 at 10:20

The rpath solution is better. There’s a reason Homebrew now prevents you from linking OpenSSL; it is a bad idea and may break stuff on your computer. – Pile 13/8, 2016 at 8:20

You should probably put your "dotnetcore has updated their install instructions" into an answer here to your own question :\ – Dree 27/9, 2017 at 15:53

As the update to the other answer suggests, the workaround of installing the old openssl101 brew will no longer work. For a right-now workaround, see this comment on dotnet/cli#3964.

The most relevant part of the issue copied here:

I looked into the other option that was suggested for setting the rpath on the library. I think the following is a better solution that will only effect this specific library.

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib

and/or if you have NETCore 1.0.1 installed perform the same command for 1.0.1 as well:

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.dylib

In effect, rather than telling the operating system to always use the homebrew version of SSL and potentially causing something to break, we're telling dotnet how to find the correct library.

Also importantly, it looks like Microsoft are aware of the issue and and have both a) a somewhat immediate plan to mitigate as well as b) a long-term solution (probaby bundling OpenSSL with dotnet).

Another thing to note: /usr/local/opt/openssl/lib is where the brew is linked by default:

13:22 $ ls -l /usr/local/opt/openssl
lrwxr-xr-x  1 ben  admin  26 May 15 14:22 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2h_1

If for whatever reason you install the brew and link it in a different location, then that path is the one you should use as an rpath.

Once you've update the rpath of the System.Security.Cryptography.Native.dylib libray, you'll need to restart your interactive session (i.e., close your console and start another one).

Expiry answered 1/8, 2016 at 18:50 Comment(7)

Where am I supposed to add that line? I'm trying to get this to work in CI. I'm getting a

/usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib (No such file or directory)

. – Clubhouse 2/8, 2016 at 12:20

@Clubhouse that's the installation path of the dotnet tooling. Its possible that you either don't have it installed or you installed or to another location. If its installed and on your part, you could use which dotnet to find it. – Expiry 2/8, 2016 at 12:23

Oh, just realized I'm adding this line before installing dotnet. Will retry and come back. – Clubhouse 2/8, 2016 at 12:24

Worked for me, in my case the sdk was installed to a different directory so I had to change the path. – Clubhouse 2/8, 2016 at 13:16

With dotnet 1.1.0 I had to do:

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.1.0/System.Security.Cryptography.Native.OpenSsl.dylib

– Robtrobust 24/1, 2017 at 9:58

What if which dotnet reveals I don't have it? – Hedelman 12/2, 2017 at 17:15

@Hedelman I've heard reports from acquaintances that the installer on macOS sometimes doesn't properly update the path, so you may have it on your file system but unable to use it normally. The other possibility is that you really don't have it, in which case you should install it from dot.net. – Expiry 12/2, 2017 at 18:27

This is what worked for me:

brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/bin/openssl

Thanks to @dorlandode on this thread https://github.com/Homebrew/brew/pull/597

NB: I only used this as a temporary fix until I could spend time correctly installing Openssl again from scratch. As I remember I spent best part of a day debugging and having issues before I realised the best way was to manually install the certs I needed one by one. Please read the link in @bouke's comment before attempting this.

Sacroiliac answered 19/10, 2016 at 16:32 Comment(6)

is the full path for the last link /usr/local/bin/openssl? – Shawn 24/10, 2016 at 19:33

Why this answer is not accepted, you saved my life man. ::thumb up:: – Opia 22/11, 2016 at 19:15

There's a good reason brew is refusing to do this. See also this: github.com/Homebrew/brew/pull/597. – Robtrobust 24/1, 2017 at 9:58

This solution worked for me, but I had to change 1.0.2j to 1.0.2k because of version differences. So users beware, you may need to adjust paths for the current version – Piatt 27/3, 2017 at 14:25

I saw @Jeff's comment a little too late. If you did too, I believe ln -s -f /usr/local/Cellar/openssl/1.0.2k/bin/openssl /usr/local/bin/openssl fixes it – Paradisiacal 13/4, 2017 at 15:43

I'm using macOS Catalina 10.15.4 and this is the only solution that worked. – Pouf 6/4, 2020 at 13:50

As the update to the other answer suggests, the workaround of installing the old openssl101 brew will no longer work. For a right-now workaround, see this comment on dotnet/cli#3964.

The most relevant part of the issue copied here:

I looked into the other option that was suggested for setting the rpath on the library. I think the following is a better solution that will only effect this specific library.

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib

and/or if you have NETCore 1.0.1 installed perform the same command for 1.0.1 as well:

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.dylib

In effect, rather than telling the operating system to always use the homebrew version of SSL and potentially causing something to break, we're telling dotnet how to find the correct library.

Also importantly, it looks like Microsoft are aware of the issue and and have both a) a somewhat immediate plan to mitigate as well as b) a long-term solution (probaby bundling OpenSSL with dotnet).

Another thing to note: /usr/local/opt/openssl/lib is where the brew is linked by default:

13:22 $ ls -l /usr/local/opt/openssl
lrwxr-xr-x  1 ben  admin  26 May 15 14:22 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2h_1

If for whatever reason you install the brew and link it in a different location, then that path is the one you should use as an rpath.

Once you've update the rpath of the System.Security.Cryptography.Native.dylib libray, you'll need to restart your interactive session (i.e., close your console and start another one).

Expiry answered 1/8, 2016 at 18:50 Comment(7)

Where am I supposed to add that line? I'm trying to get this to work in CI. I'm getting a

/usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib (No such file or directory)

. – Clubhouse 2/8, 2016 at 12:20

Oh, just realized I'm adding this line before installing dotnet. Will retry and come back. – Clubhouse 2/8, 2016 at 12:24

Worked for me, in my case the sdk was installed to a different directory so I had to change the path. – Clubhouse 2/8, 2016 at 13:16

With dotnet 1.1.0 I had to do:

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.1.0/System.Security.Cryptography.Native.OpenSsl.dylib

– Robtrobust 24/1, 2017 at 9:58

What if which dotnet reveals I don't have it? – Hedelman 12/2, 2017 at 17:15

None of these solutions worked for me on OS X El Capitan 10.11.6. Probably because OS X has a native version of openssl that it believes is superior, and as such, does not like tampering.

So, I took the high road and started fresh...

Manually install and symlink

cd /usr/local/src

If you're getting "No such file or directory", make it:

cd /usr/local && mkdir src && cd src

Download openssl:

curl --remote-name https://www.openssl.org/source/openssl-1.0.2h.tar.gz

Extract and cd in:

tar -xzvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h

Compile and install:

./configure darwin64-x86_64-cc --prefix=/usr/local/openssl-1.0.2h shared
make depend
make
make install

Now symlink OS X's openssl to your new and updated openssl:

ln -s /usr/local/openssl-1.0.2h/bin/openssl /usr/local/bin/openssl

Close terminal, open a new session, and verify OS X is using your new openssl:

openssl version -a

Foamflower answered 2/8, 2016 at 0:58 Comment(8)

If you're trying to install .NET core on OS X you should wrap it in Docker. – Foamflower 2/8, 2016 at 1:6

After doing all this: OpenSSL 0.9.8zh 14 Jan 2016 built on: May 15 2016 platform: darwin64-x86_64-llvm – Sealy 9/9, 2016 at 15:13

Creating a symlink in the following way worked for me: ln -s /usr/local/openssl-1.0.2h/bin/openssl /usr/local/bin/openssl. After restarting your Terminal session, type which openssl to make sure you are using the updated 1.0.2 version (/usr/local/bin/openssl) instead of the built-in one (/usr/bin/openssl). – Heth 19/12, 2016 at 12:47

I followed these instructions but when I type in which openssl, I get (/opt/local/bin/openssl). How do I get it to be /usr/local/bin/openssl? – Plebeian 22/12, 2016 at 20:58

I followed these instructions (thank you so much for the step-by-step), and it still said 0.9.8. Thank you to Olivier for the alternate linking method that worked. – Annikaanniken 12/1, 2017 at 3:55

this one saved me – Assignat 28/1, 2017 at 17:23

Still doesn't work: a new version of OpenSSL is installed. But- it is not used by apps such as Composer. $ openssl version -a OpenSSL 1.0.2o 27 Mar 2018 However output from Composer diagnose says otherwise. $ composer diagnose Checking composer.json: WARNING No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license. Checking platform settings: WARNING The OpenSSL library (0.9.8r) used by PHP does not support TLSv1.2 or TLSv1.1. If possible you should upgrade OpenSSL to version 1.0.1 or above. – Beadruby 1/6, 2018 at 15:47

how do I uninstall something installed like this?? – Renitarenitent 10/12, 2021 at 8:10

Just execute brew info openssland read the information where it says:

If you need to have this software first in your PATH run: echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

Prose answered 22/2, 2017 at 7:50 Comment(4)

brew info openssl gave the same helpful information for me. Running the suggested command above and then running source ~/.bash_profile or opening a new terminal solved it for me. – Orit 23/2, 2017 at 10:19

FINALLY. This also worked for me. The other answers above did not! – Chasechaser 23/4, 2017 at 1:1

or echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.zshrc – Bostwick 30/9, 2017 at 9:10

This did not work. I'm getting the same message again. – Incertitude 20/4, 2023 at 15:4

If migrating your mac breaks homebrew:

I migrated my mac, and it unlinked all my homebrew installs - including OpenSSL. This broke gem install, which is how I first noticed the problem and started trying to repair this.

After a million solutions (when migrating to OSX Sierra - 10.12.5), the solution ended up being comically simple:

brew reinstall ruby
brew reinstall openssl

Edit much later: as Gal Bracha noted in the comments, you ?might? need to delete /usr/local/opt/openssl before doing the reinstalls, just to be safe. I didn't need to at the time, but if you're still having trouble, give that a try.

Campestral answered 26/7, 2017 at 20:56 Comment(4)

And a year later, this happened to me migrating my Mac, and your fix worked for me as well. Thanks so much; I was getting to the point of considering wiping my new Mac and doing a fresh install and setting everything up again manually. – Rawlings 28/6, 2018 at 12:25

@Rawlings glad I could keep you from going over the brink! I almost did the same. – Campestral 28/6, 2018 at 14:54

You might also need to delete this folder before doing the above. rm -rf /usr/local/opt/openssl – Inexpressive 19/9, 2018 at 10:33

I would kiss you if you were next to me. This is what worked for me after 3 hrs of struggle. – Coeternity 17/8, 2021 at 15:11

The solution above from edwardthesecond worked for me too on Sierra

 brew install openssl
 cd /usr/local/include 
 ln -s ../opt/openssl/include/openssl 
 ./configure && make

Other steps I did before were:

installing openssl via brew
```
brew install openssl
```

adding openssl to the path as suggested by homebrew

brew info openssl
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

Brave answered 13/6, 2017 at 10:8 Comment(1)

Worked nice for me, just skipped la part './configure && make' – Winslow 8/6, 2018 at 6:21

After trying everything I could find and nothing worked, I just tried this:

touch ~/.bash_profile; open ~/.bash_profile

Inside the file added this line.

export PATH="$PATH:/usr/local/Cellar/openssl/1.0.2j/bin/openssl"

now it works :)

Jorns-iMac:~ jorn$ openssl version -a
OpenSSL 1.0.2j  26 Sep 2016
built on: reproducible build, date unspecified
//blah blah
OPENSSLDIR: "/usr/local/etc/openssl"

Jorns-iMac:~ jorn$ which openssl
/usr/local/opt/openssl/bin/openssl

Corneille answered 4/10, 2016 at 11:3 Comment(5)

This is a really simple solution and I was pretty hopeful that it would work for me but no luck here. Even after updating my PATH and restarting my shell session which openssl still points to /usr/bin/openssl – Monolayer 19/11, 2016 at 23:48

In order to get this working I had to edit my .bash_profile as well. But the only thing that worked was telling it to look in /usr/local/bin instead of /usr/bin. I did this by adding export PATH=/usr/local/bin:$PATH – Draughty 21/12, 2016 at 16:40

For this to work, you need to add /usr/local/opt/openssl/bin, without the /openssl on the end, to the front of the PATH, not the end: PATH=/usr/local/opt/openssl/bin:$PATH Using /usr/local/opt/openssl instead of /usr/local/Cellar/openssl/$version means you'll automatically keep the most up-to-date version in your $PATH without having to change it every time you upgrade. – Unmusical 16/10, 2017 at 14:36

After hours of dumbness this did the trick for me along with @MarkReed's additional notes – Lilialiliaceous 25/2, 2018 at 4:57

I was able to use this and get it working for me. Thank you. I have 1.0.2q version of openssl. – Ctenoid 15/2, 2019 at 22:46

I have a similar case. I need to install openssl via brew and then use pip to install mitmproxy. I get the same complaint from brew link --force. Following is the solution I reached: (without force link by brew)

LDFLAGS=-L/usr/local/opt/openssl/lib 
CPPFLAGS=-I/usr/local/opt/openssl/include
PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig 
pip install mitmproxy

This does not address the question straightforwardly. I leave the one-liner in case anyone uses pip and requires the openssl lib.

Note: the /usr/local/opt/openssl/lib paths are obtained by brew info openssl

Gush answered 22/10, 2016 at 15:22 Comment(2)

Found this one useful for installing pysqlcipher – Guam 5/12, 2016 at 12:5

Useful for installing cryptography. I was missing the PKG_CONFIG_PATH variable – Doerr 15/12, 2016 at 22:38

This worked for me:

 brew install openssl
 cd /usr/local/include 
 ln -s ../opt/openssl/include/openssl .

Rudyrudyard answered 23/2, 2017 at 5:30 Comment(1)

This worked for me, trying to compile PHP 7.2.1 with phpbrew on Mac OS High Sierra - Thanks! – Retorsion 10/1, 2018 at 1:10

By default, homebrew gave me OpenSSL version 1.1 and I was looking for version 1.0 instead. This worked for me.

To install version 1.0:

brew install https://github.com/tebelorg/Tump/releases/download/v1.0.0/openssl.rb

Then I tried to symlink my way through it but it gave me the following error:

ln -s /usr/local/Cellar/openssl/1.0.2t/include/openssl /usr/bin/openssl
ln: /usr/bin/openssl: Operation not permitted

Finally linked openssl to point to 1.0 version using brew switch command:

brew switch openssl 1.0.2t
Cleaning /usr/local/Cellar/openssl/1.0.2t
Opt link created for /usr/local/Cellar/openssl/1.0.2t

Ligetti answered 17/6, 2020 at 5:43 Comment(1)

Calling Non-checksummed download of openssl formula file from an arbitrary URL is disabled! – Lionellionello 8/10, 2020 at 19:45

I had the same problem while trying to install newer version of ruby 2.6.5 https://github.com/kelaberetiv/TagUI/issues/86 helps me to solve the problem. This if for macOS catalina Version 10.15.1

Basically, I did update and upgrade homebrew and install openssl and install ruby.

brew update && brew upgrade
brew install openssl

Then create these 2 symlinks

ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/

then installed ruby 2.6.5

Freedman answered 25/11, 2019 at 20:12 Comment(0)

Note: this no longer works due to https://github.com/Homebrew/brew/pull/612

I had the same problem today. I uninstalled (unbrewed??) openssl 1.0.2 and installed 1.0.1 also with homebrew. Dotnet new/restore/run then worked fine.

Install openssl 101:
brew install homebrew/versions/openssl101
Linking:
brew link --force homebrew/versions/openssl101

Liggins answered 30/7, 2016 at 14:2 Comment(6)

This did it! Seems that 1.0.2 didn't want to link. Next question is why does .netcore suggest something that is not recommended in the community. – Tubulure 30/7, 2016 at 16:42

1.0.2 worked for me on another mac a few days ago, so maybe there is a recent brew or openssl change. Anyway, for dot net core, we are good :) – Liggins 30/7, 2016 at 18:55

The github link posted by @Pounds shows that brew was updated just a few days ago. Looking at the commit, the change is ` if HOMEBREW_PREFIX.to_s == "/usr/local" && keg.name == "openssl"` so I'm guessing that the 1.0.1 version uses a different HOMEBREW_PREFIX. – Tubulure 30/7, 2016 at 23:3

didn't work for me, still gives error

Refusing to link: openssl101 Linking keg-only openssl101 means you may end up linking against the insecure, deprecated system OpenSSL while using the headers from Homebrew's openssl101. Instead, pass the full include/library paths to your compiler e.g.:   -I/usr/local/opt/openssl101/include -L/usr/local/opt/openssl101/lib

– Natala 31/7, 2016 at 20:10

This answer is no longer correct given the change made by homebrew devs at github.com/Homebrew/brew/pull/612 – Monjo 1/8, 2016 at 2:36

This is awful... don't do this but... vi /usr/local/Library/Homebrew/cmd/link.rb (line 28) if false &&. Then brew install --force openssl. Don't do this, I'm likely a terrible person for even suggesting it. – Ritzy 1/8, 2016 at 6:4

for me this is what worked...

I edited the ./bash_profile and added below command

export PATH="/usr/local/opt/openssl/bin:$PATH"

Pareto answered 12/7, 2018 at 8:14 Comment(0)

export https_proxy=http://127.0.0.1:1087 http_proxy=http://127.0.0.1:1087 all_proxy=socks5://127.0.0.1:1080

works for me

and I think it can solve all the problems like Failed to connect to raw.githubusercontent.com port 443: Connection refused

Benitabenites answered 16/5, 2020 at 2:51 Comment(0)

The solution might be updating some tools.

Here's my scenario from 2020 with Ruby and Python:

I needed to install Python 3 on Mac and things escalated. In the end, updating homebrew, node and python lead to the problem with openssl. I did not have openssl 1.0 anymore, so I couldn't "brew switch" to it.
So what was still trying to use that old 1.0 version?

It tuned out it was Ruby 2.5.5.
So I just installed Ruby 2.5.8 and removed the old one.

Other things you can try if this is not enough: Use rbenv and pyenv. Clean up gems and formulas. Update homebrew, node, yarn. Upgrade bundler. Make sure your .bash_profile (or equivalent) is set up according to each tool's instructions. Reopen the terminal.

Digest answered 3/11, 2020 at 14:19 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Manually install and symlink

If migrating your mac breaks homebrew:

Recommended topics

Hot tags