Homebrew
Can Homebrew formulae be configured to link against macOS's built-in LibreSSL? #83
-
|
I often work in scenarios where custom trusted CA certificates may need to be configured. In some cases, these may be configured via MDM, or other means, by IT departments and they already exist in the macOS keychain. It's my understanding that the built-in LibreSSL libraries that come with macOS are able to use the keychain as a certificate store. With that being the case, it would be useful to be able to install packages via Homebrew which can use this library so that I don't have to configure my own certificates on top of what's already been provided. Normally I see references to OpenSSL in the compilation process. Can this be overridden to point to the built-in LibreSSL? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Most of the formulae built by Homebrew links against our brewed copy of openssl, as you correctly note. This is because Apple doesn't really officially support its internal copy of libressl for use by non-Apple parties. I believe apps that want to use the system certificate store need to use Secure Transport. You could probably script something that synchronizes the system certificates with certificate files that brewed openssl understands. |
Beta Was this translation helpful? Give feedback.
Most of the formulae built by Homebrew links against our brewed copy of openssl, as you correctly note. This is because Apple doesn't really officially support its internal copy of libressl for use by non-Apple parties. I believe apps that want to use the system certificate store need to use Secure Transport. You could probably script something that synchronizes the system certificates with certificate files that brewed openssl understands.