How to Tell Which Openssl Lib Is Actually Being Used by an Rvm-Installed Ruby

How to tell which openssl lib is actually being used by an RVM-installed ruby

Ruby has quite complicated mechanisms for detecting libraries, every extension has it's own code for that. Fortunately most of the extensions support pkg-config so it's possible to force location of *.pc files:

PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig rvm reinstall 1.9.3
rvm use 1.9.3

then after compilation you can verify on OSX:

find $MY_RUBY_HOME -name openssl.bundle | xargs otool -L

or on linux:

find $MY_RUBY_HOME -name openssl.so | xargs ldd

as for the --with-openssl-dir=... it is not fully supported by ruby, it should be --with-opt-dir=... + --with-openssl, opt-dir supports multiple paths separated with : starting from ruby 1.9.3-p327

How do I know if Qt links against openssl, and which one?

Qt links some libraries dynamically at runtime. In order to see which libraries are loaded, one can check the diagnostic output of the dynamic linker, as hinted by Matteo:

Say my executable is called QGroundcontrol:

On Linux:

LD_DEBUG=libs ./QGroundcontrol 2>&1 | grep -E "ssl|crypto"

On macOS:

DYLD_PRINT_LIBRARIES=1 ./QGroundcontrol 2>&1 | grep -E "ssl|crypto"

From this I could see that Qt finds openssl on the system.

Now, I still don't know how I can tell Qt to look somewhere else (in case I want to link another openssl), but that's another question.

troubles with RVM and OpenSSL

Try this:

rvm get head
rvm pkg remove
rvm requirements run  # if brew gives you warnings about formulas to install, run "brew install" for each before moving on.

rvm reinstall [the version you need (i.e: 2.0.0)]

Ruby and You must recompile Ruby with OpenSSL support or change the sources in your Gemfile

The new way to do it, according to a comment by @Purplejacket above, is the following:

rvm autolibs homebrew
rvm install 2.1.1
rvm use 2.1.1

It's much easier.

Setup RVM, Ruby on Mac OS X Sierra: Unable to require openssl

Well I found a solution to the problem previously described. The following steps outline how it was resolved.

CleanUp

1. Removed the installation of Homebrew via ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/uninstall)"

2. Removed the installation of RVM via rvm implode

Rebuild

1. Install Homebrew using ruby -e "$(curl -fsSL
https://raw.githubusercontent.com/Homebrew/install/master/install)"

2. Do integrity check on Brew using brew upgrade followed by brew doctor

3. Install RVM (again!) using \curl -sSL https://get.rvm.io | bash -s stable
4. Ensure that RVM knows about homebrew through the autolibs option using rvm autolibs homebrew

5. Setup the environment variables so that we know where the openssl is installed:

   export LDFLAGS=-L/usr/local/opt/openssl/lib

   export CPPFLAGS=-I/usr/local/opt/openssl/include

   export PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig

6. Install ruby via rvm install 2.3.3 --autolibs=homebrew

Check that it Works

1. Check that the rvm space knows about the OpenSSL certificates using rvm osx-ssl-certs status all. Running this command produced the following output: Certificates for /usr/local/etc/openssl/cert.pem: Up to date.

2. Install rails via gem install rails

At the last step the installation succeeded and Rails was working (at last!)

Error installing Rmagick on Mountain Lion

It appears it's a problem reported on the Homebrew github repo (https://github.com/mxcl/homebrew/issues/16625) blaming rmagick itself not supporting newer versions of imagemagick. On that same issue (https://github.com/mxcl/homebrew/issues/16625#issuecomment-11519383), you can find this link: https://coderwall.com/p/wnomjg which actually worked for me. This is what he does:

cd /usr/local/Cellar/imagemagick/6.8.0-10/lib
ln -s libMagick++-Q16.7.dylib   libMagick++.dylib
ln -s libMagickCore-Q16.7.dylib libMagickCore.dylib
ln -s libMagickWand-Q16.7.dylib libMagickWand.dylib

Hope this helps.

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.

In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:

export SSL_CERT_FILE=/etc/pki/tls/cert.pem

That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.

To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.

---

Related Topics