9

I was getting "certificate verify failed (OpenSSL::SSL::SSLError)" in my ruby app and decided it was time to update the old openssl on my Mac OS X (Mountain Lion) system.

I grabbed the latest sources from here and did the usual

  • ./Configure darwin64-x86_64-cc
  • make
  • make test
  • sudo make install

... and everything completed without apparent error. But I notice that the new openssl has not replaced the old openssl:

$ which openssl
/usr/bin/openssl
$ /usr/bin/openssl version
OpenSSL 0.9.8x 10 May 2012
$ /usr/local/ssl/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013

I'm hesitant to mess around with important system files for fear of breaking existing things. What's the recommended approach? I'm thinking of replacing /usr/bin/openssl with a symlink to the /usr/local/ssl/bin version. Would that work?

fearless_fool
  • 33,645
  • 23
  • 135
  • 217

1 Answers1

10

To prioritize your local copy over the system copy you need to add it to your shell PATH variable

export PATH="/usr/local/ssl/bin:$PATH"

If you want this to execute every time you start a shell just add it to your .bash_profile in your home directory.

However, this is not going to fix your problem because Ruby would need to be recompiled against the new OpenSSL (we'll assume the updated root certificates file that comes with the new OpenSSL would hypothetically fix this issue). I'd recommend installing either rvm or rbenv and rebuilding ruby. Note that both of those tools would prefer you to install openssl via homebrew.

Paul Kehrer
  • 13,466
  • 4
  • 40
  • 57
  • 1
    That's good enough for me. FWIW, I have my own build scripts that put all ruby executables and libraries in a sandbox and (as a philosophical point) never ever touches system files, nor requires sudo. It's my own version of rvm, I suppose. – fearless_fool Aug 22 '13 at 00:14