1.0.1hは CVE-2014-0224 対策版です。
早めに更新しましょう。
バージョン確認
OpenSSL 1.0.1gです。
$ openssl version OpenSSL 1.0.1g 7 Apr 2014 $ brew info openssl openssl: stable 1.0.1g (bottled) http://openssl.org This formula is keg-only. Mac OS X already provides this software and installing another version in parallel can cause all kinds of trouble. The OpenSSL provided by OS X is too old for some software. /usr/local/Cellar/openssl/1.0.1g (429 files, 15M) * Poured from bottle From: https://github.com/Homebrew/homebrew/commits/master/Library/Formula/openssl.rb ==> Dependencies Build: makedepend ✘ ==> Options --universal Build a universal binary ==> Caveats A CA file has been bootstrapped using certificates from the system keychain. To add additional certificates, place .pem files in /usr/local/etc/openssl/certs and run /usr/local/opt/openssl/bin/c_rehash
まずhomebrewのデータベースを更新
$ brew update (返答略)
更新できたか確認します。
$ brew info openssl openssl: stable 1.0.1h (bottled) http://openssl.org This formula is keg-only. Mac OS X already provides this software and installing another version in parallel can cause all kinds of trouble. The OpenSSL provided by OS X is too old for some software. /usr/local/Cellar/openssl/1.0.1g (429 files, 15M) * Poured from bottle From: https://github.com/Homebrew/homebrew/commits/master/Library/Formula/openssl.rb ==> Dependencies Build: makedepend ✘ ==> Options --universal Build a universal binary --without-check Skip build-time tests (not recommended) ==> Caveats A CA file has been bootstrapped using certificates from the system keychain. To add additional certificates, place .pem files in /usr/local/etc/openssl/certs and run /usr/local/opt/openssl/bin/c_rehash
更新できてます。
OpenSSL更新
$ brew upgrade openssl ==> Upgrading 1 outdated package, with result: openssl 1.0.1h ==> Upgrading openssl ==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/openssl-1.0 ######################################################################## 100.0% ==> Pouring openssl-1.0.1h.mavericks.bottle.tar.gz ==> Caveats A CA file has been bootstrapped using certificates from the system keychain. To add additional certificates, place .pem files in /usr/local/etc/openssl/certs and run /usr/local/opt/openssl/bin/c_rehash This formula is keg-only, so it was not symlinked into /usr/local. Mac OS X already provides this software and installing another version in parallel can cause all kinds of trouble. The OpenSSL provided by OS X is too old for some software. Generally there are no consequences of this for you. If you build your own software and it requires this formula, you'll need to add to your build variables: LDFLAGS: -L/usr/local/opt/openssl/lib CPPFLAGS: -I/usr/local/opt/openssl/include ==> Summary 🍺 /usr/local/Cellar/openssl/1.0.1h: 429 files, 14M
利用可能か確認
$ openssl version -bash: /usr/local/bin/openssl: No such file or directory $ which openssl /usr/bin/openssl
ダメです。インストールログに
This formula is keg-only, so it was not symlinked into /usr/local.
とあったように、まだリンクされていません。
homebrewでインストールしたOpenSSLを使うようにリンクさせる
$ brew link openssl --force Linking /usr/local/Cellar/openssl/1.0.1h... 1139 symlinks created $ openssl version OpenSSL 1.0.1h 5 Jun 2014 $ which openssl /usr/local/bin/openssl
これでOpenSSL 1.0.1hが利用可能になりました。