How to change openssl version in OSX 10.6.4

I’ve had some trouble with the old openssl distributed with the new security patch for 10.6.4 Snow Leopard, so I’ve decided to replace openssl, both the system-wide one and the one installed by macports.

The trouble was caused by a new change in openssl-0.9.8l:

Disable renegotiation completely – this fixes a severe security problem (CVE-2009-3555) at the cost of breaking all renegotiation. Renegotiation can be re-enabled by setting SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at run-time. This is really not recommended unless you know what you’re doing.

Important notes:

  • backup your system
  • do NOT try to compile & install anything other than darwin64_x86_64; it may lead to an unbootable system

Steps:

  • download the appropriate openssl source from the openssl.org website (e.g. 1.0.0a)
  • unpack
  • and then:
  • get openssldir

So we get OPENSSLDIR and use it as -openssldir for BOTH cases (the system-wide build and the macports one).

Then you need to repeat the steps for macports.

Then you could uninstall e.g. curl and install it again.
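
To check the result, the script below (an added example, not part of the original post) parses `openssl version -a` output to report each installation's version and OPENSSLDIR, and flags a binary that still reports 0.9.8l. The sample outputs are constructed and the function names are this example's own; real binaries are passed as arguments, e.g. /usr/bin/openssl and /opt/local/bin/openssl (assuming the default macports prefix).

```shell
#!/bin/sh
# Added example: compare openssl installations from `openssl version -a` text.

# Print the version token of the first line ("OpenSSL 0.9.8l 5 Nov 2009" -> 0.9.8l).
ssl_version() {
    awk 'NR == 1 && $1 == "OpenSSL" { print $2 }'
}

# Print the directory from the line: OPENSSLDIR: "/some/path"
ssl_dir() {
    sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Summarise one installation: $1 = label, $2 = text of `openssl version -a`.
summarise() {
    ver=$(printf '%s\n' "$2" | ssl_version)
    dir=$(printf '%s\n' "$2" | ssl_dir)
    note=ok
    # 0.9.8l is the release the post says disables renegotiation completely.
    [ "$ver" = "0.9.8l" ] && note="renegotiation-disabled"
    [ -n "$ver" ] && [ -n "$dir" ] || note="unparsed"
    printf '%s version=%s openssldir=%s %s\n' "$1" "$ver" "$dir" "$note"
}

# Succeed only if both outputs report the same, non-empty OPENSSLDIR.
same_openssldir() {
    a=$(printf '%s\n' "$1" | ssl_dir)
    b=$(printf '%s\n' "$2" | ssl_dir)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OLD='OpenSSL 0.9.8l 5 Nov 2009
platform: darwin64-x86_64-llvm
OPENSSLDIR: "/System/Library/OpenSSL"'
SAMPLE_NEW='OpenSSL 1.0.0a 1 Jun 2010
platform: darwin64-x86_64-cc
OPENSSLDIR: "/System/Library/OpenSSL"'

summarise sample-old "$SAMPLE_OLD"
summarise sample-new "$SAMPLE_NEW"

# Real binaries given as arguments are queried and summarised the same way.
for bin in "$@"; do
    [ -x "$bin" ] || { echo "$bin: not executable"; continue; }
    summarise "$bin" "$("$bin" version -a 2>/dev/null)"
done
```

If the system-wide and macports binaries report different OPENSSLDIR values, they are reading different openssl.cnf and certificate directories.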
