How to install latest version of openssl Mac OS X El Capitan

Question

I have used brew install openssl to download and install openssl v1.0.2f, however, it comes back saying:

A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local.

Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:

    LDFLAGS:  -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include

And when I do openssl version -a it always gives me:

OpenSSL 0.9.8zg 14 July 2015
built on: Jul 31 2015
platform: darwin64-x86_64-llvm
options:  bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) blowfish(idx) 
compiler: -arch x86_64 -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings -fasm-blocks -O3 -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DMD32_REG_T=int -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DOPENSSL_THREADS -DZLIB -mmacosx-version-min=10.6
OPENSSLDIR: "/System/Library/OpenSSL"

How can I replace the old version with the new one? I've searched a lot on how to do this, but the solutions online don't seem to work for me...

@ksl Nope! :/ None of the answers worked for me. – Tometoyou Aug 23 '16 at 09:03 — Tometoyou, Aug 23 '16 at 09:03

shaunthomas999 · Answer 1 · 2019-01-05T10:46:53.503

61

Execute following commands:

brew update
brew install openssl
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
source ~/.bash_profile

You will have the latest version of openssl installed and accessible from cli (command line/terminal). Since the third command will add export path to .bash_profile, the newly installed version of openssl will be accessible across system restarts.

edited Jan 05 '19 at 10:46

answered Sep 12 '17 at 14:37

shaunthomas999

5,544
2
26
30

1

When I run `$ openssl version` I get `OpenSSL 0.9.8zh 14 Jan 2016` but when I run `$ brew install openssl` I get `Warning: openssl 1.0.2l is already installed`. Does this mean I have two versions installed? – Sep 18 '17 at 08:04
4

I guess, you have 2 versions of openssl in your system now. One available by default with mac and the other one you installed using brew. Execute the third and fourth commands above to access the latest version(1.0.2l) of openssl from the command line. – shaunthomas999 Sep 19 '17 at 09:51
5

The key is to use `/usr/local/opt/openssl/bin/openssl` instead of your `/usr/bin/openssl`. – Hunor Kovács Jan 29 '20 at 00:05

Olivier · Answer 2 · 2019-01-12T10:31:29.090

34

Only

export PATH=$(brew --prefix openssl)/bin:$PATH in ~/.bash_profile

has worked for me! Thank you mipadi.

edited Jan 12 '19 at 10:31

answered Nov 23 '16 at 09:49

Olivier

519
5
8

I found util for people who like me have tried everything they read about how to link the last openssl. – Olivier Dec 01 '16 at 16:44
this has also been the only thing that has worked for me on osX Sierra, WITHOUT disabling SIP. Thanks! – John Apr 29 '17 at 17:08
THis will severely slow down your terminal. – kapad Aug 09 '21 at 20:49

Wade Williams · Answer 3 · 2022-04-07T17:50:17.640

11

I can't reproduce your issue running El Cap + Homebrew 1.0.x

Upgrade to Homebrew 1.0.x, which was released late in September 2016. Specific changes were made in the way openssl is linked. The project is on a more robust release schedule now that it's hit 1.0.

brew uninstall openssl

brew update && brew upgrade && brew cleanup && brew doctor

You should fix any issues raised by brew doctor before proceeding.

brew install openssl

Note: Upgrading homebrew will update all your installed packages to their latest versions.

edited Apr 07 '22 at 17:50

answered Oct 10 '16 at 14:59

Wade Williams

3,943
1
26
35

17

No, don't do this. It will upgrade everything. – B Seven Oct 21 '16 at 22:36
Added disclaimer about updating. As time goes on, upgrading homebrew to version 1.x will become more and more necessary. The issue has been resolved in homebrew 1.x as far as I can tell. – Wade Williams Oct 27 '16 at 15:40
Thanks. On version 1.x, `brew upgrade` does not upgrade everything? – B Seven Oct 27 '16 at 16:48
1

@BSeven maybe it's necessary to overcome other lib problems? – Vijay Kumar Kanta Jan 05 '20 at 18:12

zlwaterfield · Answer 4 · 2017-04-04T15:57:08.290

9

Try creating a symlink, make sure you have openssl installed in /usr/local/include first.

ln -s /usr/local/Cellar/openssl/{version}/include/openssl /usr/local/include/openssl

More info at Openssl with El Capitan.

edited Apr 04 '17 at 15:57

answered Feb 13 '17 at 19:55

zlwaterfield

841
1
9
18

Your link no longer exists. – Hauke Apr 04 '17 at 15:52
1

@Hauke Updated! – zlwaterfield Apr 04 '17 at 15:57
this solved my problem, after trying everything else for over an hour, thank you. – esd May 29 '17 at 14:55
Awesome to hear! – zlwaterfield May 31 '17 at 17:04

score 4 · Answer 5 · answered Jun 26 '20 at 09:33

4

this command solve my problem on github CI job and virtualbox

brew install openssl@1.1
cp /usr/local/opt/openssl@1.1/lib/pkgconfig/*.pc /usr/local/lib/pkgconfig/

answered Jun 26 '20 at 09:33

Andy Tao

313
2
7

score 3 · Answer 6 · answered Dec 28 '16 at 14:57

I reached this page when I searched for information about openssl being keg-only. I believe I have understood the reason why Homebrew is taking this action now. My solution may work for you:

Use the following command to make the new openssl command available (assuming you have adjusted PATH to put /usr/local/bin before /usr/bin): ln -s /usr/local/opt/openssl/bin/openssl /usr/local/bin/
When compiling with openssl, follow Homebrew's advice and use -I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib
Alternatively, you can make these settings permanent by putting the following lines in your .bash_profile or .bashrc: export CPATH=/usr/local/opt/openssl/include export LIBRARY_PATH=/usr/local/opt/openssl/lib

score 1 · Answer 7 · answered Jan 09 '20 at 13:20

This is an old question but still answering it in present-day context as many of the above answers may not work now.

The problem is that the Path is still pointing to the old version. Two solutions can be provided for resolution :

Uninstall old version of openssl package brew uninstall openssl and then reinstall the new version : brew install openssl
point the PATH to the new version of openssl.First install the new version and now(or if) you have installed the latest version, point the path to it: echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

score -1 · Answer 8 · answered Feb 03 '16 at 22:21

-1

You can run brew link openssl to link it into /usr/local, if you don't mind the potential problem highlighted in the warning message. Otherwise, you can add the openssl bin directory to your path:

export PATH=$(brew --prefix openssl)/bin:$PATH

answered Feb 03 '16 at 22:21

mipadi

398,885
90
523
479

No; Homebrew will yell at you if you do this. Look at http://stackoverflow.com/a/17016758/17597 for an explanation of keg-only dependencies. As mentioned in the answer above, you can use `--force` to override, but you should understand the potential consequences of doing so. – hakamadare Apr 08 '16 at 18:47

score -1 · Answer 9 · answered Mar 02 '16 at 09:35

-1

To replace the old version with the new one, you need to change the link for it. Type that command to terminal.

brew link --force openssl

Check the version of openssl again. It should be changed.

answered Mar 02 '16 at 09:35

alperozaydin

59
2
4

After `brew link`, for me at least, the OpenSSL appears to be updated. But something is not "right". I executed `brew doctor` and there is a warning for *keg-only* formula, this is a substring of all the output: `Binaries provided by keg-only formulae may override system binaries with other strange results.` And suggests to `brew unlink openssl`. Should be ignored? – Paulo Oliveira Mar 21 '16 at 23:54
18

@Knaak This doesn't work on El Capitan with Homebrew 0.9.9. It responds with the message `Warning: Refusing to link: openssl`. – ksl Aug 23 '16 at 08:47

How to install latest version of openssl Mac OS X El Capitan

9 Answers9

Linked