Re: OpenSSL 1.1 on OSX


 




The problem is that symlinking doesn't work in this case. Sure, I can install OpenSSL, and then it works. For me. But I'm trying to distribute an application, and to do that on modern Macs, I need a hardened run time. And the rule for that is that all code your application uses must be signed either by you or by Apple.

 

It is trivial to install OpenSSL-1.1.1 via MacPorts, and build/link an app with hardened run time against it.


Well, I'm sure it's due to my own deficiencies, but I'm not finding it at all trivial to produce an app with a hardened run time that works with OpenSSL.
 

Xcode offers an option to embed and sign the libraries you’re linking against.


Unfortunately, I'm not using Xcode, since I'm writing a cross-platform app. That's ok - I figured out how to embed and sign the libraries myself. Only... that wasn't enough in this specific case, because of a specific OSX rule for OpenSSL.
 

Another option is to state in the docs that this app depends on user installing MacPorts port “openssl11”.


Only, this is not an option. At least not experimentally, nor based on this:

"Hardened Runtime only allows executables to load code that has been code-signed by the same team, or by Apple"

(https://developer.apple.com/forums/thread/112825 - not explicit Apple documentation, but matches my testing)

Grahame
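
An added example, not part of the original message: a small audit of `otool -L` output that sorts a binary's dependencies into Apple-provided, bundle-relative, and external libraries, the last group being what the quoted rule would require the distributing team to embed and sign. The path prefixes, function names and sample output are assumptions of this example; it is a heuristic on install names, not a signature check.

```python
import re

# Install-name prefixes treated as Apple-provided. This is a heuristic and an
# assumption of this example: the rule quoted above is about code signatures,
# not paths, so the result is a list of candidates to inspect.
APPLE_PREFIXES = ("/usr/lib/", "/System/Library/")
# Prefixes the dynamic loader resolves relative to the app or its libraries.
BUNDLE_PREFIXES = ("@executable_path/", "@loader_path/", "@rpath/")

# A dependency line in `otool -L` output: indented install name, then versions.
DEP_LINE = re.compile(r"^\s+(\S.*?)\s+\(compatibility version ")


def classify(install_name):
    """Return 'apple', 'bundled' or 'external' for one install name."""
    if install_name.startswith(APPLE_PREFIXES):
        return "apple"
    if install_name.startswith(BUNDLE_PREFIXES):
        return "bundled"
    return "external"


def audit(otool_output):
    """Group every dependency listed in `otool -L` output by classification."""
    result = {"apple": [], "bundled": [], "external": []}
    for line in otool_output.splitlines():
        match = DEP_LINE.match(line)
        if match:  # the first line (the binary's own path) does not match
            result[classify(match.group(1))].append(match.group(1))
    return result


# Constructed sample, shaped like `otool -L` output for an app linked against
# a MacPorts OpenSSL (MacPorts installs under /opt/local by default).
SAMPLE = """\
/Applications/Example.app/Contents/MacOS/example:
\t/opt/local/lib/libssl.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
\t/opt/local/lib/libcrypto.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
\t@rpath/libhelper.dylib (compatibility version 0.0.0, current version 0.0.0)
\t/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1292.60.1)
\t/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1775.118.101)
"""

if __name__ == "__main__":
    for kind, names in audit(SAMPLE).items():
        for name in names:
            print(f"{kind:9} {name}")
```

Run it against the main executable and against each embedded library, since an embedded `libssl` can itself still reference `libcrypto` at an external path.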


