class OpensslAT11 < Formula desc "Cryptography and SSL/TLS Toolkit" homepage "https://openssl.org/" url "https://www.openssl.org/source/openssl-1.1.1i.tar.gz" mirror "https://dl.bintray.com/homebrew/mirror/openssl-1.1.1i.tar.gz" mirror "https://www.mirrorservice.org/sites/ftp.openssl.org/source/openssl-1.1.1i.tar.gz" sha256 "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" license "OpenSSL" version_scheme 1 livecheck do url "https://www.openssl.org/source/" regex(/href=.*?openssl[._-]v?(1\.1(?:\.\d+)+[a-z]?)\.t/i) end bottle do sha256 arm64_big_sur: "cb01d17d18af475c29e87e05b8ec866b813b9f24e8a3b438efbabdf548dc5649" sha256 big_sur: "8008537d37a7f09eedbcd03c575e15206c54f97fe162c6d36da904897e9cee31" sha256 catalina: "066b9f114617872e77fa3d4afee2337daabc2c181d7564fe60a5b26d89d69742" sha256 mojave: "f5a348793735d449d990693ab687049fb11c08ade0b74c6f7337a56fc0a77908" end on_linux do resource "cacert" do # homepage "http://curl.haxx.se/docs/caextract.html" url "https://curl.haxx.se/ca/cacert-2020-01-01.pem" mirror "https://gist.githubusercontent.com/dawidd6/16d94180a019f31fd31bc679365387bc/raw/ef02c78b9d6427585d756528964d18a2b9e318f7/cacert-2020-01-01.pem" sha256 "adf770dfd574a0d6026bfaa270cb6879b063957177a991d453ff1d302c02081f" end resource "Test::Harness" do url "https://cpan.metacpan.org/authors/id/L/LE/LEONT/Test-Harness-3.42.tar.gz" sha256 "0fd90d4efea82d6e262e6933759e85d27cbcfa4091b14bf4042ae20bab528e53" end resource "Test::More" do url "https://cpan.metacpan.org/authors/id/E/EX/EXODIST/Test-Simple-1.302175.tar.gz" sha256 "c8c8f5c51ad6d7a858c3b61b8b658d8e789d3da5d300065df0633875b0075e49" end resource "ExtUtils::MakeMaker" do url "https://cpan.metacpan.org/authors/id/B/BI/BINGOS/ExtUtils-MakeMaker-7.48.tar.gz" sha256 "94e64a630fc37e80c0ca02480dccfa5f2f4ca4b0dd4eeecc1d65acd321c68289" end end # SSLv2 died with 1.1.0, so no-ssl2 no longer required. # SSLv3 & zlib are off by default with 1.1.0 but this may not # be obvious to everyone, so explicitly state it for now to # help debug inevitable breakage. def configure_args ENV['CFLAGS'] = '-isysroot /usr/local/SYSROOT/MacOSX10.13.sdk' ENV['CXXFLAGS'] = '-isysroot /usr/local/SYSROOT/MacOSX10.13.sdk' ENV['CC'] = '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang' ENV['CXX'] = '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang++' ENV['LD'] = '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld' ENV['AR'] = '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ar' args = %W[ --prefix=#{prefix} --openssldir=#{openssldir} no-ssl3 no-ssl3-method no-zlib no-asm no-shared ] args += (ENV.cflags || "").split args += (ENV.cppflags || "").split args += (ENV.ldflags || "").split end def install on_linux do ENV.prepend_create_path "PERL5LIB", libexec/"lib/perl5" %w[ExtUtils::MakeMaker Test::Harness Test::More].each do |r| resource(r).stage do system "perl", "Makefile.PL", "INSTALL_BASE=#{libexec}" system "gmake", "-j16", "PERL5LIB=#{ENV["PERL5LIB"]}", "CC=#{ENV.cc}" system "gmake", "-j16", "install" end end end # This could interfere with how we expect OpenSSL to build. ENV.delete("OPENSSL_LOCAL_CONFIG_DIR") # This ensures where Homebrew's Perl is needed the Cellar path isn't # hardcoded into OpenSSL's scripts, causing them to break every Perl update. # Whilst our env points to opt_bin, by default OpenSSL resolves the symlink. ENV["PERL"] = Formula["perl"].opt_bin/"perl" if which("perl") == Formula["perl"].opt_bin/"perl" arch_args = [] on_macos do arch_args += %W[darwin64-#{Hardware::CPU.arch}-cc enable-ec_nistp_64_gcc_128] end on_linux do if Hardware::CPU.intel? arch_args << (Hardware::CPU.is_64_bit? ? "linux-x86_64" : "linux-elf") elsif Hardware::CPU.arm? arch_args << (Hardware::CPU.is_64_bit? ? "linux-aarch64" : "linux-armv4") end end ENV.deparallelize system "perl", "./Configure", *(configure_args + arch_args) system "make", "-j16" system "make", "-j16", "install", "MANDIR=#{man}", "MANSUFFIX=ssl" # system "make", "-j16", "test" end def openssldir etc/"openssl@1.1" end def post_install on_macos(&method(:macos_post_install)) on_linux(&method(:linux_post_install)) end def macos_post_install keychains = %w[ /System/Library/Keychains/SystemRootCertificates.keychain ] certs_list = `security find-certificate -a -p #{keychains.join(" ")}` certs = certs_list.scan( /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m, ) valid_certs = certs.select do |cert| IO.popen("#{bin}/openssl x509 -inform pem -checkend 0 -noout >/dev/null", "w") do |openssl_io| openssl_io.write(cert) openssl_io.close_write end $CHILD_STATUS.success? end openssldir.mkpath (openssldir/"cert.pem").atomic_write(valid_certs.join("\n") << "\n") end def linux_post_install # Download and install cacert.pem from curl.haxx.se cacert = resource("cacert") cacert.fetch rm_f openssldir/"cert.pem" filename = Pathname.new(cacert.url).basename openssldir.install cacert.files(filename => "cert.pem") end def caveats <<~EOS A CA file has been bootstrapped using certificates from the system keychain. To add additional certificates, place .pem files in #{openssldir}/certs and run #{opt_bin}/c_rehash EOS end test do # Make sure the necessary .cnf file exists, otherwise OpenSSL gets moody. assert_predicate pkgetc/"openssl.cnf", :exist?, "OpenSSL requires the .cnf file for some functionality" # Check OpenSSL itself functions as expected. (testpath/"testfile.txt").write("This is a test file") expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249" system bin/"openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt" open("checksum.txt") do |f| checksum = f.read(100).split("=").last.strip assert_equal checksum, expected_checksum end end end