From 35338fc220b34cd9aed4bc7b78c24b1b5a58e6df Mon Sep 17 00:00:00 2001 From: Flavio Heleno Date: Tue, 29 Dec 2020 20:13:06 -0300 Subject: [PATCH] (*) Added instructions for generating ssl files on macOS --- README.md | 6 ++++-- ssl-macOS.md | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 ssl-macOS.md diff --git a/README.md b/README.md index d5620f4..43bb988 100644 --- a/README.md +++ b/README.md @@ -31,11 +31,13 @@ $ ./vendor/bin/http_test_server > /dev/null 2>&1 & Then generate ssh certificates: ```bash -$ cd ./tests/server/ssl +$ cd ./tests/server/ssl $ ./generate.sh -$ cd ../../../ +$ cd ../../../ ``` +Note: If you are running this on macOS and get the following error: "Error opening CA Private Key privkey.pem", check [this](ssl-macOS.md) file. + Now run the test suite: ``` bash diff --git a/ssl-macOS.md b/ssl-macOS.md new file mode 100644 index 0000000..c37468d --- /dev/null +++ b/ssl-macOS.md @@ -0,0 +1,58 @@ +# Generating SSL Certificates on macOS + +When generating SSL Certificates on macOS, you must ensure that you're using brew's openssl binary and not the one provided by the OS. + +To do that, find out where your openssl is installed by running: + +```bash +$ brew info openssl +``` + +You should see something like this: + +``` +openssl@1.1: stable 1.1.1i (bottled) [keg-only] +Cryptography and SSL/TLS Toolkit +https://openssl.org/ +/usr/local/Cellar/openssl@1.1/1.1.1i (8,067 files, 18.5MB) + Poured from bottle on 2020-12-11 at 11:31:46 +From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/openssl@1.1.rb +License: OpenSSL +==> Caveats +A CA file has been bootstrapped using certificates from the system +keychain. To add additional certificates, place .pem files in + /usr/local/etc/openssl@1.1/certs + +and run + /usr/local/opt/openssl@1.1/bin/c_rehash + +openssl@1.1 is keg-only, which means it was not symlinked into /usr/local, +because macOS provides LibreSSL. + +If you need to have openssl@1.1 first in your PATH run: + echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> /Users/flavio/.bash_profile + +For compilers to find openssl@1.1 you may need to set: + export LDFLAGS="-L/usr/local/opt/openssl@1.1/lib" + export CPPFLAGS="-I/usr/local/opt/openssl@1.1/include" + +For pkg-config to find openssl@1.1 you may need to set: + export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig" + +==> Analytics +install: 855,315 (30 days), 2,356,331 (90 days), 7,826,269 (365 days) +install-on-request: 139,236 (30 days), 373,801 (90 days), 1,120,685 (365 days) +build-error: 0 (30 days) +``` + +The important part is this: + +> echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> /Users/flavio/.bash_profile + +Instead of running `./tests/server/ssl/generate.sh`, you should instead run: + +```bash +$ PATH="/usr/local/opt/openssl@1.1/bin ./tests/server/ssl/generate.sh +``` + +You should now be good to go.