Permalink
Switch branches/tags
Nothing to show
Find file Copy path
2559071 Sep 11, 2018
1 recent contributor

Users who have contributed to this file recently

115 lines (95 sloc) 3.89 KB
class OpensslAT11 < Formula
desc "Cryptography and SSL/TLS Toolkit"
homepage "https://openssl.org/"
url "https://www.openssl.org/source/openssl-1.1.1.tar.gz"
mirror "https://dl.bintray.com/homebrew/mirror/openssl@1.1--1.1.1.tar.gz"
mirror "https://www.mirrorservice.org/sites/ftp.openssl.org/source/openssl-1.1.1.tar.gz"
sha256 "2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d"
version_scheme 1
bottle do
sha256 "5d6cc9cf64cef8d08ef3a63725e58d1b9820596ec99e9b9f294cbb97aa07f4f0" => :mojave
sha256 "b5a051ce2892d64a208a6d7e919d9494a37a79030adf39e1439c79d634cf5e8f" => :high_sierra
sha256 "35f229571fba08b387086e6dc6a6494a3feabf2cf8270e90e10f10622a6165f5" => :sierra
sha256 "1156c16f82dc12920d98f62664110049734f8b26ec48d80ca6f4b9b5bfe8c78a" => :el_capitan
end
keg_only :versioned_formula
option "without-test", "Skip build-time tests (not recommended)"
# Only needs 5.10 to run, but needs >5.13.4 to run the testsuite.
# https://github.com/openssl/openssl/blob/4b16fa791d3ad8/README.PERL
# The MacOS ML tag is same hack as the way we handle most :python deps.
depends_on "perl" if build.with?("test") && MacOS.version <= :mountain_lion
# SSLv2 died with 1.1.0, so no-ssl2 no longer required.
# SSLv3 & zlib are off by default with 1.1.0 but this may not
# be obvious to everyone, so explicitly state it for now to
# help debug inevitable breakage.
def configure_args; %W[
--prefix=#{prefix}
--openssldir=#{openssldir}
no-ssl3
no-ssl3-method
no-zlib
]
end
def install
# This could interfere with how we expect OpenSSL to build.
ENV.delete("OPENSSL_LOCAL_CONFIG_DIR")
# This ensures where Homebrew's Perl is needed the Cellar path isn't
# hardcoded into OpenSSL's scripts, causing them to break every Perl update.
# Whilst our env points to opt_bin, by default OpenSSL resolves the symlink.
if which("perl") == Formula["perl"].opt_bin/"perl"
ENV["PERL"] = Formula["perl"].opt_bin/"perl"
end
if MacOS.prefer_64_bit?
arch_args = %w[darwin64-x86_64-cc enable-ec_nistp_64_gcc_128]
else
arch_args = %w[darwin-i386-cc]
end
ENV.deparallelize
system "perl", "./Configure", *(configure_args + arch_args)
system "make"
system "make", "test" if build.with?("test")
system "make", "install", "MANDIR=#{man}", "MANSUFFIX=ssl"
end
def openssldir
etc/"openssl@1.1"
end
def post_install
keychains = %w[
/System/Library/Keychains/SystemRootCertificates.keychain
]
certs_list = `security find-certificate -a -p #{keychains.join(" ")}`
certs = certs_list.scan(
/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m,
)
valid_certs = certs.select do |cert|
IO.popen("#{bin}/openssl x509 -inform pem -checkend 0 -noout >/dev/null", "w") do |openssl_io|
openssl_io.write(cert)
openssl_io.close_write
end
$CHILD_STATUS.success?
end
openssldir.mkpath
(openssldir/"cert.pem").atomic_write(valid_certs.join("\n"))
end
def caveats; <<~EOS
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
#{openssldir}/certs
and run
#{opt_bin}/c_rehash
EOS
end
test do
# Make sure the necessary .cnf file exists, otherwise OpenSSL gets moody.
assert_predicate HOMEBREW_PREFIX/"etc/openssl@1.1/openssl.cnf", :exist?,
"OpenSSL requires the .cnf file for some functionality"
# Check OpenSSL itself functions as expected.
(testpath/"testfile.txt").write("This is a test file")
expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249"
system bin/"openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt"
open("checksum.txt") do |f|
checksum = f.read(100).split("=").last.strip
assert_equal checksum, expected_checksum
end
end
end