An alternative would be to statically link libssl and libcrypto. No
more dependencies.
Pauli
On 20/11/21 3:48 pm, Viktor Dukhovni wrote:
On Sat, Nov 20, 2021 at 01:38:39PM +1100, Grahame Grieve wrote:
I agree it's sure not a core openSSL issue. But surely lots of people
want to use openSSL in cross platform apps and openSSL is interested
in adoption issues?
Most of the users here are building applications that are not notarised,
and so work with the upstream builds.
Anyway, it looks like I now have to figure out how to maintain a
custom build of openSSL :-(
It shouldn't be too difficult to execute the build, once you've figured
out the actual requirements. Apparently you need to make sure that
signed code has very explicit dependencies, which makes some sense, so
the libraries bundled with the application need to be built in a way
that can be verified along with the application.
My best guess is that Apple are not specifically picking on OpenSSL
here, and similar issues would arise with any other libraries you'd
want to package with your application. Good luck.
Feel free to share your findings. Perhaps someone will then help
you find a way to improve on them, or to add a template to the
build to support this going forward...
