OpenSSL :: OPENSSL_VERSION_NUMBER何时何地设置?为什么不设置我刚刚安装的最新的OpenSSL?
首先错误:
- $gem install activesupport -v '3.2.13'
- Error while executing gem ... (RuntimeError)
- Unsupported digest algorithm (SHA512)
如果我直接进入irb,我可以看到Ruby正在使用“旧”openssl:
- $irb
- >> require 'openssl'
- => true
- >> OpenSSL::Digest.new('sha512')
- RuntimeError: Unsupported digest algorithm (sha512)
- >> OpenSSL::OPENSSL_VERSION_NUMBER.to_s(16)
- "9070cf"
这告诉我,Ruby没有找到我刚刚构建的OpenSSL的本地版本,它应该至少为0x908000.相关代码:
- # file: usr/lib/ruby/2.0.0/openssl/digest.rb
- ...
- alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
- if OPENSSL_VERSION_NUMBER > 0x00908000
- alg += %w(SHA224 SHA256 SHA384 SHA512)
- end
解释为什么没有找到SHA512.
但是我不知道为什么Ruby使用旧版本的OpenSSL.我用新的来源构建了OpenSSL和Ruby
- SANDBox=/Users/me/sandBoxes/ruby2
- PATH=$(SANDBox)/usr/bin:$(PATH)
- # Create a fresh OpenSSL from sources
- (downloaded and unpacked http://www.openssl.org/source/openssl-1.0.1e.tar.gz)
- $./config --prefix=$(SANDBox)/usr --openssldir=$(SANDBox)/usr/openssl
- $make ; make install ; make clean
- # verify openssl
- $which openssl
- /Users/me/sandBoxes/ruby2/usr/bin/openssl
- $openssl version
- OpenSSL 1.0.1e 11 Feb 2013
- # Create a fresh Ruby from sources
- (download and unpack http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p0.tar.gz)
- $./configure --prefix=$(SANDBox)/usr --with-open-ssl-dir=$(SANDBox)/usr/openssl
- $make ; make intalll ; make clean
- # verify ruby
- $which ruby
- /Users/me/sandBoxes/ruby2/usr/bin/ruby
但是这个ruby似乎并没有找到刚刚构建的openssl 1.0.1e.
我的理解是,./configure的–with-open-ssl-dir参数是必要的,足以告诉ruby使用新的OpenSSL,但这似乎不起作用.
有关如何让Ruby识别我建立的新OpenSSL的任何想法?
我试过运行ruby extconf.rb;做;按照@Gaurish(下面)的建议进行安装,但仍然发现系统中安装了OpenSSL,而不是在我的项目根目录中.
解决方法
TL; DR
当OpenSSL更改时,始终重新编译Ruby或openssl本机扩展.
为什么
即使链接到共享的OpenSSL库,Ruby也将OpenSSL版本编译为openssl本机扩展.重新安装Ruby或重新编译openssl扩展来修复它.
- $ruby -ropenssl -e'puts OpenSSL::OPENSSL_VERSION'
- OpenSSL 1.0.2e 3 Dec 2015
- $/usr/local/opt/openssl/bin/openssl version
- OpenSSL 1.0.2g 1 Mar 2016
- $strings {{redacted}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle | grep '1.0.2'
- OpenSSL 1.0.2e 3 Dec 2015
- $otool -L {{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle
- {{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle:
- {{redacted}}/ruby-2.3.0/lib/libruby.2.3.0.dylib (compatibility version 2.3.0,current version 2.3.0)
- /usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0,current version 1.0.0)
- /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0,current version 1.0.0)
- /usr/lib/libz.1.dylib (compatibility version 1.0.0,current version 1.2.5)
- /usr/lib/libSystem.B.dylib (compatibility version 1.0.0,current version 1226.10.1)
- /usr/local/opt/gmp/lib/libgmp.10.dylib (compatibility version 14.0.0,current version 14.0.0)
- /usr/lib/libobjc.A.dylib (compatibility version 1.0.0,current version 228.0.0)
我们使用ruby-install和chruby.而不是/ opt / rubies,我们使用/usr/local / rubies来避免sudo.你也可以sudo ln -s /usr/local / rubies / opt / rubies如果你不想打扰设置RUBIES为chruby.
- brew install openssl && \
- ruby-install ruby-2.3.0 \
- --no-install-deps \
- -- \
- --without-X11 \
- --without-tk \
- --enable-shared \
- --disable-install-doc \
- --with-openssl-dir="$(brew --prefix openssl)"
更新
还有另外一个常量,它来源于实际加载的OpenSSL库.
OpenSSL的:: OPENSSL_LIBRARY_VERSION