Installing Openssl Library for Xcode

Installing OpenSSL library for Xcode

OK, how to build and install it....

It might be easier to use a pre-built version of OpenSSL for iOS. You can find one at this Github account. The OpenSSL from that Github are multi-arch. They have ARMv7, ARMv7s, ARM64, and i386. That means they work with devices and simulators.

Download either OpenSSL 1.0.1e or 1.0.1f. Install it in a location like /usr/local/ssl/ios.

Then, add the headers to your Xcode project. They are located in /usr/local/ssl/ios/include:

Finally, add the multi-arch libs (libcrypto.a and libssl.a) to your Xcode project. They are located in /usr/local/ssl/ios/lib:

How to add OpenSSL to an Xcode project

You will need to compile and link it yourself, and your app needs to ship it. If the license of your app and OpenSSL's license are compatible, you may use static linking. Otherwise you will need to dynamically link it.

There are a few documents describing the process and build scripts that you can find with Google searches. For iOS, there's even a Github project. I didn't copy the contents of those documents here since it's too much and it's a moving target.

You can also install OpenSSL with Homebrew. If you just want to have your app run on your Mac and you don't want to distribute it, this is the easiest way: you just need to link it. But if you want to distribute your app, you would need to copy the library/libraries to your app bundle and make sure the the linker finds it there. This also has the disadvantage that there's a possible "disconnect" between your app and the OpenSSL version: if in one year, you update OpenSSL with Homebrew and want to compile/link an older version of your app against the very same OpenSSL version as you've used at that time, you have a problem.

Having trouble installing OpenSSL Cocoapod

First things first: If you can, try to switch to a different POD. That one is no longer maintained.

Workaround if you cannot switch:

curl https://www.openssl.org/source/openssl-<your-version>.tar.gz > file.tgz
cp file.tgz /tmp/openssl #create directory if needed
sed 's/cp \\"file.tgz\\" \\"${CURRENTPATH}\/file.tgz\\"//' `find ~/.cocoapods|grep "OpenSSL/<your-version>/OpenSSL.podspec.json"`
pod install

"< your version >" would be e.g. "1.0.2j" for the URL and "1.0.210" for the grep

macOS 10.12 brew install openssl issue

I managed to resolve it by editing formula (brew edit openssl)
and adding

-I/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include

to args array in configure_args.

As below:

  def configure_args
    args = %W[
      --prefix=#{prefix}
      --openssldir=#{openssldir}
      no-ssl3
      no-ssl3-method
      no-zlib
      ##### add the line here ####
      -I/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include
    ]
    on_linux do
      args += (ENV.cflags || "").split
      args += (ENV.cppflags || "").split
      args += (ENV.ldflags || "").split
      args << "enable-md2"
    end
    args
  end

Statically link OpenSSL in XCode

Why does it look for dylib when I am linking it statically? How can this be fixed?

Apple's linker uses the dylib or share object if its available, regardless of of your linker flags like -rpath and -Bstatic. They even do it on iOS, where dylib's are not allowed!

Its kind of a well known problem once you know about it :) See, for example, Installing Crypto++ 5.6.2 on Mac OS X. Crypto++ has the same problems with Apple's tools.

The fix is to stop using -L and -l options, and to link the object file or archive directly. An archive is just a collection of object files, so you can use them interchangeably.

To specify the object files or archives for the linker, see Linking to an object file. Under Xcode, you add the fully specified archive name (like /usr/local/openssl-ios/lib/libcrypto.a) to Other Linker Flags (the OTHER_LDFLAGS Xcode option).

When adding the full archive to OTHER_LDFLAGS, I believe you just add it verbatim without any switches, like -l or -L. You may need -Wl (-Wl,/usr/local/openssl-ios/lib/libcrypto.a), but you don't use -l (-l/usr/local/openssl-ios/lib/libcrypto.a).

You use -Wl when the option is passed through the compiler driver to the linker. If the linker is invoked directly, then you don't need -Wl and should not use it.

---

A second option is to set GCC_LINK_WITH_DYNAMIC_LIBRARIES to YES. Apple does not appear to document it in Xcode Build Setting Reference, but its clearly under my copy of Xcode. See How to link a static library for iOS on Stack Overflow.

I seem to recall having problems with this in the past. Its one of those things that should work in theory, but does not work in practice.

---

A third option is to remove the dylib or shared object from all paths used under Xcode so Xcode does not accidentally find it when using -lcrypto.

---

A fourth option is use allow dynamic linking, but execute the program with DYLD_LIBRARY_PATH. Its OS X's equivalent to LD_LIBRARY_PATH, and ensures your copy of OpenSSL is loaded (like 1.0.2), and not the system's version of OpenSSL (0.9.8).

But I don't like this option because it requires users of your software to do something.

---

Another possibility due to the message dyld: Library not loaded: /usr/local/ssl/lib/libcrypto.1.0.0.dylib is to code sign your copy of the library. Its a little odd its found but not loaded, so I'm going to toss this out there in case its OS X's Code Signing or Gatekeeper Service...

To code sign your copy of the library under the MAC Developer program, just:

codesign -fs "Johnny Developer" /usr/local/ssl/lib/libcrypto.so

---

Related Topics