Ruby Not Finding New Version of Openssl

Ruby not finding new version of OpenSSL

TL;DR

When OpenSSL changes, always recompile Ruby or the openssl native extension.

Why

Ruby compiles the OpenSSL version into the openssl native extension, even when it links to a shared OpenSSL library. Either reinstall Ruby or recompile the openssl extension to fix it.

$ ruby -ropenssl -e'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.2e 3 Dec 2015
$ /usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2g 1 Mar 2016
$ strings {{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle | grep '1.0.2'
OpenSSL 1.0.2e 3 Dec 2015
$ otool -L {{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle
{{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle:
{{redacted}}/ruby-2.3.0/lib/libruby.2.3.0.dylib (compatibility version 2.3.0, current version 2.3.0)
/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
/usr/local/opt/gmp/lib/libgmp.10.dylib (compatibility version 14.0.0, current version 14.0.0)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)

We use ruby-install and chruby. Instead of /opt/rubies, we use /usr/local/rubies to avoid sudo. You can also sudo ln -s /usr/local/rubies /opt/rubies if you don't want to bother setting RUBIES for chruby.

brew install openssl && \
ruby-install ruby-2.3.0 \
--no-install-deps \
-- \
--without-X11 \
--without-tk \
--enable-shared \
--disable-install-doc \
--with-openssl-dir="$(brew --prefix openssl)"

Update

There's yet another constant which is derived from the actual, loaded OpenSSL library.

OpenSSL::OPENSSL_LIBRARY_VERSION
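
The two constants above can be compared to detect a Ruby whose openssl extension was built against one OpenSSL but loads another at run time. This is an added example, not code from the original answers; the function names are hypothetical, and it assumes version strings shaped like the ones shown above.

```ruby
# Added example: detect drift between the OpenSSL version compiled into
# Ruby's openssl extension and the library actually loaded at run time.

# Matches e.g. "OpenSSL 1.0.2e 3 Dec 2015" or "LibreSSL 3.3.6".
VERSION_RE = /\A(?<flavor>OpenSSL|LibreSSL)\s+(?<num>\d+\.\d+\.\d+)(?<patch>[a-z]*)/

# Returns a hash with flavor, numeric triple and letter patch level,
# or nil when the string is missing or not in the expected shape.
def parse_openssl_version(str)
  m = VERSION_RE.match(str.to_s)
  return nil unless m
  { flavor: m[:flavor], number: m[:num].split('.').map(&:to_i), patch: m[:patch] }
end

# Classifies the relationship between the compile-time and run-time strings:
#   :match           same flavor, number and letter patch
#   :patch_drift     same x.y.z, different letter (the 1.0.2e vs 1.0.2g case)
#   :version_drift   different x.y.z
#   :flavor_mismatch OpenSSL headers with LibreSSL library, or the reverse
#   :unknown         one side missing or unparseable
def compare_openssl_versions(compiled, loaded)
  c = parse_openssl_version(compiled)
  l = parse_openssl_version(loaded)
  return :unknown unless c && l
  return :flavor_mismatch unless c[:flavor] == l[:flavor]
  return :version_drift unless c[:number] == l[:number]
  c[:patch] == l[:patch] ? :match : :patch_drift
end

# Reads both constants from the running interpreter. OPENSSL_LIBRARY_VERSION
# is looked up defensively in case the extension does not define it.
def openssl_drift_report
  require 'openssl'
  compiled = OpenSSL::OPENSSL_VERSION
  loaded = OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ? OpenSSL::OPENSSL_LIBRARY_VERSION : nil
  { compiled: compiled, loaded: loaded, status: compare_openssl_versions(compiled, loaded) }
rescue LoadError
  { compiled: nil, loaded: nil, status: :unknown }
end

if __FILE__ == $PROGRAM_NAME
  report = openssl_drift_report
  puts "compiled against:  #{report[:compiled].inspect}"
  puts "loaded at runtime: #{report[:loaded].inspect}"
  puts "status:            #{report[:status]}"
end
```

Any status other than :match means the extension should be rebuilt against the installed OpenSSL, as described above.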

Ruby using wrong version of openssl

Installing OpenSSL with Homebrew will not immediately link it as the default OpenSSL.

First, let's check which version you are using (on Jul 10, '15 the latest version is 1.0.2d):

openssl version -a
which openssl
ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION'

Now, let's be sure to upgrade OpenSSL to the latest version:

brew update
brew install openssl
brew unlink openssl
brew link --force openssl

If you run the initial checks again, you should see the first 2 pointing to the newly installed OpenSSL. Ruby will most likely still point to the old one since it was compiled with it.

If it is pointing to the old version, let's recompile Ruby and point it to the new one. And just to be sure that it will use the correct version, let's pass the OpenSSL prefix -- although this shouldn't be needed since we linked Homebrew's OpenSSL.

rvm get stable
rvm install ruby-2.1.6 --with-openssl-dir=`brew --prefix openssl`

(or rvm reinstall if you're already using 2.1.6)

This should do it.

rvm can't compile ruby: fails openssl check

Upon closer review, I realized I had an openssl directory (containing version 3) in /usr/local/include and that was on the include path ahead of the directory I specified with the --with-openssl-dir option.

I fixed it by renaming /usr/local/include/openssl to /usr/local/include/openssl_hideme; after that, the extension compiler found the version I wanted.

I would have guessed that includes on the command line would be put in front of the path, but lesson learned.
