Requesting and obtaining a certificate from a CA
Problem : OpenSSL Security Advisory [3rd May 2016] High severity
Solution : Update it 🙂
Mac OSX 10.11.4
Check version
$ openssl version -a
Backup old version
$ sudo mv /usr/bin/openssl /usr/bin/openssl-old
For 10.12.2 you will get... (and maybe this should help)
mv: rename /usr/bin/openssl to /usr/bin/openssl-old: Operation not permitted
Or remove the old version (skip this if you already backed it up)
$ sudo rm /usr/bin/openssl
Install Homebrew if you don't have it
$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Or update if you already have it
$ brew update && brew upgrade
Install OpenSSL with Homebrew
$ brew install openssl
Symbolic link
$ brew link --force openssl
[UPDATE] 2016/12/11
OpenSSL 1.0.2j, Homebrew 1.1.2, Mac 10.11.6
You'll see...
Warning: Refusing to link: openssl
Linking keg-only openssl means you may end up linking against the insecure,
deprecated system OpenSSL while using the headers from Homebrew's openssl.
Instead, pass the full include/library paths to your compiler e.g.:
  -I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib
And yes, we're doomed! But no worries, we can manually link it with the steps below.
1. Ensure it exists
$ ls -l /usr/local/opt/openssl
You should see (after $ brew install openssl)
lrwxr-xr-x 1 katopz admin 24 Sep 29 00:21 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2j
2. Link it
$ sudo ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/bin/openssl
For 10.12.2 you will get... (and maybe this should help)
ln: /usr/bin/openssl: Operation not permitted
3. And maybe you'll need this too
$ mkdir -p /usr/local/lib
$ ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
$ ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
Close Terminal and reopen then check version
$ openssl version -a
You should see...
OpenSSL 1.0.2j 26 Sep 2016
built on: reproducible build, date unspecified
platform: darwin64-x86_64-cc
options: bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: clang -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/etc/openssl"
Nice! We're safe now, until another incident appears tho.
And next time you can just...
$ brew update && brew upgrade
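
Instead of eyeballing the "check version" output every time, here is a small check you can script. This is an added example, not part of the original post: it tells you whether the openssl that resolves first on your PATH is at least the version you expect. The function names are made up for this example, and it assumes the N.N.N[letter] version scheme seen above (1.0.2j).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# Print the version token ("1.0.2j") from an `openssl version` banner;
# fail on anything that is not an OpenSSL banner.
banner_version() {
  case "$1" in
    "OpenSSL "[0-9]*) v=${1#OpenSSL }; printf '%s\n' "${v%% *}" ;;
    *) return 1 ;;
  esac
}

# version_ge A B: succeed if A >= B (assumes the N.N.N[letters] scheme).
version_ge() {
  a_num=${1%%[a-z]*}; a_let=${1#"$a_num"}
  b_num=${2%%[a-z]*}; b_let=${2#"$b_num"}
  for field in 1 2 3; do
    x=$(printf '%s\n' "$a_num" | cut -d. -f"$field")
    y=$(printf '%s\n' "$b_num" | cut -d. -f"$field")
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
  done
  # Same numbers: a longer letter suffix is newer (z < za), then alphabetical.
  if [ "${#a_let}" -ne "${#b_let}" ]; then
    [ "${#a_let}" -gt "${#b_let}" ]; return
  fi
  [ "$a_let" = "$b_let" ] && return 0
  first=$(printf '%s\n%s\n' "$a_let" "$b_let" | LC_ALL=C sort | head -n 1)
  [ "$first" = "$b_let" ]
}

# check_openssl MIN [BANNER]: returns 0 = ok, 1 = too old, 2 = not OpenSSL.
# BANNER defaults to whatever `openssl` resolves to first on PATH.
check_openssl() {
  banner=${2:-$(openssl version 2>/dev/null)}
  ver=$(banner_version "$banner") || { echo "not OpenSSL: $banner"; return 2; }
  if version_ge "$ver" "$1"; then
    echo "OK: $ver"
  else
    echo "TOO OLD: $ver (need >= $1)"; return 1
  fi
}

# Typical use after the steps above:  command -v openssl; check_openssl 1.0.2j
```

A result of 1 or 2 after the update means your shell is still picking up a different binary than the one Homebrew installed.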