Crystal: HTTP::Client e.g.(ECDH, RESET, EOF) SSL Problems
Summary
Hi, I am using HTTP::Client has encountered some SSL problems.
I read some similar issues, but still can't work.
I don't know much about SSL. | Reference: #5010, #5723, ...
Problems
require "http/client"
uri = URI.parse("https://cn2-bid.adsrvr.cn")
HTTP::Client.get(uri)
# => SSL routines:SSL3_GET_KEY_EXCHANGE:unable to find ecdh parameters | Solved
uri = URI.parse("https://tls-v1-2.badssl.com:1012")
HTTP::Client.get(uri)
# => socket: Connection reset by peer | Solved
uri = URI.parse("https://securemetrics.apple.com")
HTTP::Client.get(uri)
# => SSL_connect: Unexpected EOF | Solved
Tried
I tried these, but they can't work.
context.add_options OpenSSL::SSL::Options::ALL
context.verify_mode = OpenSSL::SSL::VerifyMode::NONE
OpenSSL Information
$ openssl version
OpenSSL 1.0.2q 20 Nov 2018
$ which openssl
/usr/bin/openssl
$ openssl help
openssl:Error: 'help' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509
Message Digest commands (see the `dgst' command for more details)
md4 md5 mdc2 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb
SSLScan Information
$ sslscan https://cn2-bid.adsrvr.cn
Version: 1.11.12-static
OpenSSL 1.0.2f 28 Jan 2016
Connected to 39.105.128.254
Testing SSL server cn2-bid.adsrvr.cn on port 443 using SNI name cn2-bid.adsrvr.cn
TLS Fallback SCSV:
Server does not support TLS Fallback SCSV
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Accepted TLSv1.2 128 bits RC4-SHA
Accepted TLSv1.2 128 bits RC4-MD5
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Accepted TLSv1.1 128 bits RC4-SHA
Accepted TLSv1.1 128 bits RC4-MD5
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 128 bits RC4-MD5
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
Subject: *.adsrvr.cn
Altnames: DNS:*.adsrvr.cn, DNS:adsrvr.cn
Issuer: GeoTrust RSA CA 2018
Not valid before: Feb 18 00:00:00 2019 GMT
Not valid after: Feb 17 12:00:00 2021 GMT
-
$ sslscan https://tls-v1-2.badssl.com
Version: 1.11.12-static
OpenSSL 1.0.2f 28 Jan 2016
Connected to 104.154.89.105
Testing SSL server tls-v1-2.badssl.com on port 443 using SNI name tls-v1-2.badssl.com
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
Subject: *.badssl.com
Altnames: DNS:*.badssl.com, DNS:badssl.com
Issuer: DigiCert SHA2 Secure Server CA
Not valid before: Mar 18 00:00:00 2017 GMT
Not valid after: Mar 25 12:00:00 2020 GMT
-
$ sslscan https://securemetrics.apple.com
Version: 1.11.12-static
OpenSSL 1.0.2f 28 Jan 2016
Connected to 13.229.174.113
Testing SSL server securemetrics.apple.com on port 443 using SNI name securemetrics.apple.com
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
ERROR: Could not open a connection to host securemetrics.apple.com (13.229.174.113) on port 443.
ERROR: Could not connect. | (Maybe there is a problem with my network?)
Curl Verbose
$ curl -v "https://cn2-bid.adsrvr.cn"
* Rebuilt URL to: https://cn2-bid.adsrvr.cn/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 1087 (#0)
* Establish HTTP proxy tunnel to cn2-bid.adsrvr.cn:443
> CONNECT cn2-bid.adsrvr.cn:443 HTTP/1.1
> Host: cn2-bid.adsrvr.cn:443
> User-Agent: curl/7.54.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.adsrvr.cn
* Server certificate: GeoTrust RSA CA 2018
* Server certificate: DigiCert Global Root CA
> GET / HTTP/1.1
> Host: cn2-bid.adsrvr.cn
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Content-Type: text/html
< Server: Microsoft-IIS/10.0
< X-Powered-By: ASP.NET
< Date: Sun, 07 Apr 2019 11:24:09 GMT
< Content-Length: 1233
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
* Connection #0 to host 127.0.0.1 left intact
-
$ curl -v "https://tls-v1-2.badssl.com:1012"
* Rebuilt URL to: https://tls-v1-2.badssl.com:1012/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 1087 (#0)
* Establish HTTP proxy tunnel to tls-v1-2.badssl.com:1012
> CONNECT tls-v1-2.badssl.com:1012 HTTP/1.1
> Host: tls-v1-2.badssl.com:1012
> User-Agent: curl/7.54.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.badssl.com
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> GET / HTTP/1.1
> Host: tls-v1-2.badssl.com:1012
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.3 (Ubuntu)
< Date: Sun, 07 Apr 2019 11:25:18 GMT
< Content-Type: text/html
< Content-Length: 477
< Last-Modified: Wed, 15 Aug 2018 15:22:02 GMT
< Connection: keep-alive
< ETag: "5b74451a-1dd"
< Cache-Control: no-store
< Accept-Ranges: bytes
<
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-green.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-green.png"/>
<title>tls-v1-2.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: green; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
tls-v1-2.<br>badssl.com
</h1>
</div>
</body>
</html>
* Connection #0 to host 127.0.0.1 left intact
-
$ curl -v "https://securemetrics.apple.com"
* Rebuilt URL to: https://securemetrics.apple.com/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 1087 (#0)
* Establish HTTP proxy tunnel to securemetrics.apple.com:443
> CONNECT securemetrics.apple.com:443 HTTP/1.1
> Host: securemetrics.apple.com:443
> User-Agent: curl/7.54.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: securemetrics.apple.com
* Server certificate: DigiCert Global CA G2
* Server certificate: DigiCert Global Root G2
> GET / HTTP/1.1
> Host: securemetrics.apple.com
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Date: Sun, 07 Apr 2019 11:26:02 GMT
< Server: Omniture DC
< xserver: www496
< Content-Length: 0
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
ghost
All 8 comments
Update
I solved the first problem with #5266 | SSL3_GET_KEY_EXCHANGE.
OpenSSL::SSL::Context::Client.insecure| Do not use, danger
But it doesn't work for Connection reset by peer | Unexpected EOF.
ghost
on 7 Apr 2019
Update
But it can work in ruby irb.
$ irb -v
irb 1.0.0 (2018-12-18)
-
$ irb
irb(main):001:0> require "net/http"
=> true
irb(main):001:0> require "openssl"
=> true
irb(main):002:0> OpenSSL::OPENSSL_VERSION
=> "OpenSSL 1.0.2q 20 Nov 2018"
irb(main):002:0> uri = URI('https://cn2-bid.adsrvr.cn')
=> #<URI::HTTPS https://cn2-bid.adsrvr.cn>
irb(main):003:0> Net::HTTP.get(uri)
=> "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>403 - Forbidden: Access is denied.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>403 - Forbidden: Access is denied.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n"
irb(main):004:0> uri = URI('https://tls-v1-2.badssl.com:1012')
=> #<URI::HTTPS https://tls-v1-2.badssl.com:1012>
irb(main):005:0> Net::HTTP.get(uri)
=> "<!DOCTYPE html>\n<html>\n<head>\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <link rel=\"shortcut icon\" href=\"/icons/favicon-green.ico\"/>\n <link rel=\"apple-touch-icon\" href=\"/icons/icon-green.png\"/>\n <title>tls-v1-2.badssl.com</title>\n <link rel=\"stylesheet\" href=\"/style.css\">\n <style>body { background: green; }</style>\n</head>\n<body>\n<div id=\"content\">\n <h1 style=\"font-size: 12vw;\">\n tls-v1-2.<br>badssl.com\n </h1>\n</div>\n\n</body>\n</html>\n"
irb(main):006:0> uri = URI('https://securemetrics.apple.com')
=> #<URI::HTTPS https://securemetrics.apple.com>
irb(main):007:0> Net::HTTP.get(uri)
=> ""
Update
Wow | I found my OpenSSL version in Crystal to be 0.9.8...
I try to solve it.
$ icr -v
icr version 0.6.0
Author: Potapov Sergey
Homepage: https://github.com/crystal-community/icr
$ icr
icr(0.27.2) > require "openssl"
=> ok
icr(0.27.2) > LibSSL::OPENSSL_VERSION
=> "0.9.8"
Update
I found some link information for crystal build.
I try to solve it (I found some clues).
$ echo "require \"openssl\"" > openssl.cr
$ crystal build openssl.cr --release
$ otool -L ./openssl
./openssl:
/usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
/usr/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.8)
/usr/lib/libpcre.0.dylib (compatibility version 1.0.0, current version 1.1.0)
/usr/local/opt/bdw-gc/lib/libgc.1.dylib (compatibility version 6.0.0, current version 6.2.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.60.2)
/usr/local/opt/libevent/lib/libevent-2.1.6.dylib (compatibility version 7.0.0, current version 7.2.0)
/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
$ cd /usr/lib/ && ls -l -a | grep 'libssl'
-rwxr-xr-x 1 root wheel 396912 7 15 2017 libssl.0.9.7.dylib
-rwxr-xr-x 1 root wheel 646160 7 15 2017 libssl.0.9.8.dylib
-rw-r--r-- 1 root wheel 942880 7 15 2017 libssl.35.dylib
-rw-r--r-- 1 root wheel 882656 7 15 2017 libssl.39.dylib
lrwxr-xr-x 1 root wheel 18 12 16 00:04 libssl.dylib -> libssl.0.9.8.dylib
Update
Some link solutions for (libssl, libcrypto).
libSSL Link
$ cd /usr/local/include && rm openssl
$ ln -s /usr/local/Cellar/openssl/1.0.2q/include/openssl /usr/local/include
$ sudo ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/lib
Password:
$ cd /usr/lib && ls -l -a | grep 'libssl'
-rwxr-xr-x 1 root wheel 396912 7 15 2017 libssl.0.9.7.dylib
-rwxr-xr-x 1 root wheel 646160 7 15 2017 libssl.0.9.8.dylib
lrwxr-xr-x 1 root wheel 45 4 8 21:16 libssl.1.0.0.dylib -> /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
-rw-r--r-- 1 root wheel 942880 7 15 2017 libssl.35.dylib
-rw-r--r-- 1 root wheel 882656 7 15 2017 libssl.39.dylib
lrwxr-xr-x 1 root wheel 18 12 16 00:04 libssl.dylib -> libssl.0.9.8.dylib
$ sudo rm libssl.dylib
$ ls -l -a | grep libssl
-rwxr-xr-x 1 root wheel 396912 7 15 2017 libssl.0.9.7.dylib
-rwxr-xr-x 1 root wheel 646160 7 15 2017 libssl.0.9.8.dylib
lrwxr-xr-x 1 root wheel 45 4 8 21:16 libssl.1.0.0.dylib -> /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
-rw-r--r-- 1 root wheel 942880 7 15 2017 libssl.35.dylib
-rw-r--r-- 1 root wheel 882656 7 15 2017 libssl.39.dylib
$ sudo ln -s libssl.1.0.0.dylib libssl.dylib
$ ls -l -a | grep libssl
-rwxr-xr-x 1 root wheel 396912 7 15 2017 libssl.0.9.7.dylib
-rwxr-xr-x 1 root wheel 646160 7 15 2017 libssl.0.9.8.dylib
lrwxr-xr-x 1 root wheel 45 4 8 21:16 libssl.1.0.0.dylib -> /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
-rw-r--r-- 1 root wheel 942880 7 15 2017 libssl.35.dylib
-rw-r--r-- 1 root wheel 882656 7 15 2017 libssl.39.dylib
lrwxr-xr-x 1 root wheel 18 4 8 21:19 libssl.dylib -> libssl.1.0.0.dylib
libCrypto Link
$ cd /usr/lib && ls -l -a | grep 'crypto'
-rwxr-xr-x 1 root wheel 2043552 7 15 2017 libcrypto.0.9.7.dylib
-rwxr-xr-x 1 root wheel 2679312 7 15 2017 libcrypto.0.9.8.dylib
-rw-r--r-- 1 root wheel 4209728 7 15 2017 libcrypto.35.dylib
-rw-r--r-- 1 root wheel 4181040 7 15 2017 libcrypto.38.dylib
lrwxr-xr-x 1 root wheel 21 12 16 00:04 libcrypto.dylib -> libcrypto.0.9.8.dylib
lrwxr-xr-x 1 root wheel 54 12 16 00:04 libk5crypto.dylib -> /System/Library/Frameworks/Kerberos.framework/Kerberos
$ sudo ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/lib
$ cd /usr/lib && ls -l -a | grep 'crypto'
-rwxr-xr-x 1 root wheel 2043552 7 15 2017 libcrypto.0.9.7.dylib
-rwxr-xr-x 1 root wheel 2679312 7 15 2017 libcrypto.0.9.8.dylib
lrwxr-xr-x 1 root wheel 48 4 8 21:39 libcrypto.1.0.0.dylib -> /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib
-rw-r--r-- 1 root wheel 4209728 7 15 2017 libcrypto.35.dylib
-rw-r--r-- 1 root wheel 4181040 7 15 2017 libcrypto.38.dylib
lrwxr-xr-x 1 root wheel 21 12 16 00:04 libcrypto.dylib -> libcrypto.0.9.8.dylib
lrwxr-xr-x 1 root wheel 54 12 16 00:04 libk5crypto.dylib -> /System/Library/Frameworks/Kerberos.framework/Kerberos
$ sudo rm libcrypto.dylib
$ ls -l -a | grep 'crypto'
-rwxr-xr-x 1 root wheel 2043552 7 15 2017 libcrypto.0.9.7.dylib
-rwxr-xr-x 1 root wheel 2679312 7 15 2017 libcrypto.0.9.8.dylib
lrwxr-xr-x 1 root wheel 48 4 8 21:39 libcrypto.1.0.0.dylib -> /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib
-rw-r--r-- 1 root wheel 4209728 7 15 2017 libcrypto.35.dylib
-rw-r--r-- 1 root wheel 4181040 7 15 2017 libcrypto.38.dylib
lrwxr-xr-x 1 root wheel 54 12 16 00:04 libk5crypto.dylib -> /System/Library/Frameworks/Kerberos.framework/Kerberos
$ sudo ln -s libcrypto.1.0.0.dylib libcrypto.dylib
$ ls -l -a | grep 'crypto'
-rwxr-xr-x 1 root wheel 2043552 7 15 2017 libcrypto.0.9.7.dylib
-rwxr-xr-x 1 root wheel 2679312 7 15 2017 libcrypto.0.9.8.dylib
lrwxr-xr-x 1 root wheel 48 4 8 21:39 libcrypto.1.0.0.dylib -> /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib
-rw-r--r-- 1 root wheel 4209728 7 15 2017 libcrypto.35.dylib
-rw-r--r-- 1 root wheel 4181040 7 15 2017 libcrypto.38.dylib
lrwxr-xr-x 1 root wheel 21 4 8 21:42 libcrypto.dylib -> libcrypto.1.0.0.dylib
lrwxr-xr-x 1 root wheel 54 12 16 00:04 libk5crypto.dylib -> /System/Library/Frameworks/Kerberos.framework/Kerberos
Update
Ok, It worked for crystal build link information.
But the version information is still 0.9.8.
$ rm -f ./openssl*
$ echo "require \"openssl\"; puts LibSSL::OPENSSL_VERSION" > openssl.cr
$ crystal build openssl.cr --release
$ otool -L ./openssl
./openssl:
/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.8)
/usr/lib/libpcre.0.dylib (compatibility version 1.0.0, current version 1.1.0)
/usr/local/opt/bdw-gc/lib/libgc.1.dylib (compatibility version 6.0.0, current version 6.2.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.60.2)
/usr/local/opt/libevent/lib/libevent-2.1.6.dylib (compatibility version 7.0.0, current version 7.2.0)
/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
$ ./openssl # => 0.9.8 (wtf?)
Should be enough to brew install pkg-config and export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"
jhass
on 8 Apr 2019
Update
With the help of @jhass, I solved the last problem (libssl::OPENSSL_VERSION).
So far, All ssl problems have been resolved.
Screenshot(Before @jhass reply)
Finally
If anyone is experiencing this problem, please try my solution.
- Monday, April 8, 2019
ghost
on 8 Apr 2019
👍3
Was this page helpful?
0 / 5 - 0 ratings
Related issues
cjgajard
路
3Comments
Papierkorb
路
3Comments
oprypin
路
3Comments
lbguilherme
路
3Comments
RX14
路
3Comments
Most helpful comment
Update
With the help of @jhass, I solved the last problem (
libssl::OPENSSL_VERSION).So far, All ssl problems have been resolved.
Screenshot(Before @jhass reply)
Finally
If anyone is experiencing this problem, please try my solution.