Xcode 11 ld error "your binary is not an allowed client of /usr/lib/libcrypto.dylib"

G

4

14

My project uses CMake to build, but uses the local macOS version of clang and ld when building on a Mac.

After upgrading to Xcode 11 on macOS 10.15 Catalina, I'm unable to link with the following error: ld: cannot link directly with dylib/framework, your binary is not an allowed client of /usr/lib/libcrypto.dylib for architecture x86_64.

Is this related to the new app notarizing? Is there a fix that doesn't require the project being in Xcode (I use CLion to develop on macOS) or doesn't require linking my own build of OpenSSL?

Any help appreciated.

Grimy answered 18/10, 2019 at 7:49 Comment(4)

It looks like the twitter-verse mentions that this is 'normal'. Basically the version included was outdated so now they just prevent you from linking to it. Can anyone confirm or deny semi-officially? twitter.com/steipete/status/1168926846962020352 – Grimy 18/10, 2019 at 14:51

Running into this issue this morning myself and digging around, I came across this Apple forum message that indicates that Apple intends these types of libraries to be used only internally. The advice is to build third-party libraries yourself and include them with your application. forums.developer.apple.com/thread/124782 – Reversion 30/10, 2019 at 18:51

@casey I think that's the correct answer, as I suspected when I found the twitter post. Do you want to post this as an answer and I'll approve it? – Grimy 31/10, 2019 at 10:51

for cmake, which picks an external openssl on mac osx (say via vscode), we need to include both: OpenSSL::SSL as well as OpenSSL::Crypto in the TARGET_LINK_LIBRARIES stanza. Listing just OpenSSL:SSL would pick the ssl part from vscode build but would again try to to use the system provided libcrypto.dylib – Algebraist 19/9, 2021 at 15:51

R

1

Running into this issue this morning myself and digging around, I came across this Apple forum message that indicates that Apple intends these types of libraries to be used only internally. The advice is to build third-party libraries yourself and include them with your application.

Reversion answered 5/11, 2019 at 21:36 Comment(0)

C

13

As the FindOpenSSL.cmake code looks for the libraries and then stores the result in the CMake cache, you can forcefully set the path before you try to find OpenSSL. The FindOpenSSL.cmake code will not replace your path.

if (APPLE)
    # This is a bug in CMake that causes it to prefer the system version over
    # the one in the specified ROOT folder.
    set(OPENSSL_ROOT_DIR ${OPENSSL_ROOT_DIR} /usr/local/Cellar/[email protected]/1.1.1g/)
    set(OPENSSL_CRYPTO_LIBRARY ${OPENSSL_ROOT_DIR}/lib/libcrypto.dylib CACHE FILEPATH "" FORCE)
    set(OPENSSL_SSL_LIBRARY ${OPENSSL_ROOT_DIR}/lib/libssl.dylib CACHE FILEPATH "" FORCE)
endif()
find_package(OpenSSL REQUIRED)

Make sure you clear the CMake cache, because once the library is found with the wrong path, this hack won't fix it, even if you rerun CMake on your project.

Cowardly answered 28/5, 2020 at 11:16 Comment(0)

S

5

I have installed OpenSSL from brew, and find_package seems to detect the brew version, but it tries to link link the project with the OpenSSL installed in the system, which is LibreSSL.

I tried to force the find_package to set the exact path of the library, but it does nothing:

if(APPLE)
    set(OPENSSL_ROOT_DIR /usr/local/Cellar/[email protected]/1.1.1d/)
endif()

So I ended up by setting the dependencies manually, which it is not ideal but it works in the meantime for development.

# OpenSSL
find_package(OpenSSL REQUIRED)
if(OPENSSL_FOUND)
    if(APPLE)
        include_directories(/usr/local/Cellar/[email protected]/1.1.1d/include)
        list(APPEND LIB_LIST /usr/local/Cellar/[email protected]/1.1.1d/lib/libssl.dylib)
        list(APPEND LIB_LIST /usr/local/Cellar/[email protected]/1.1.1d/lib/libcrypto.dylib)
        message(STATUS "OpenSSL Version: ${OPENSSL_VERSION} ${OPENSSL_INCLUDE_DIR} ${OPENSSL_LIBRARIES}")
    else()
        include_directories(${OPENSSL_INCLUDE_DIR})
        list(APPEND LIB_LIST ${OPENSSL_LIBRARIES})
        message(STATUS "OpenSSL Version: ${OPENSSL_VERSION} ${OPENSSL_INCLUDE_DIR} ${OPENSSL_LIBRARIES}")
    endif()
endif()

The Cmake Output provides this information, where it detects the OpenSSL library from brew, but links with the system library. Not sure why.

-- OpenSSL Version: 1.1.1d /usr/local/Cellar/[email protected]/1.1.1d/include /usr/lib/libssl.dylib;/usr/lib/libcrypto.dylib

Hope this help!

Shipyard answered 30/11, 2019 at 11:4 Comment(1)

Hi, I'm confused which file I need to edit to make these changes. Many thanks! – Charters 10/3, 2020 at 21:37

R

1

Running into this issue this morning myself and digging around, I came across this Apple forum message that indicates that Apple intends these types of libraries to be used only internally. The advice is to build third-party libraries yourself and include them with your application.

Reversion answered 5/11, 2019 at 21:36 Comment(0)

M

0

i had this problem before. solution :- go build folder:

$ rm -rf *
$ cmake -DOPENSSL_ROOT_DIR="/usr/local/opt/[email protected]" ..
$ cmake -DOPENSSL_LIBRARIES="/usr/local/opt/[email protected]/lib" ..
$ make

Mendy answered 4/8, 2021 at 13:55 Comment(0)

Recommended topics

Hot tags