tls/source/openssl.md

# OpenSSL notes

## Installation

### OpenBSD (6.3)

- The `pkg-config` command comes with the OS.
- The OS comes with LibreSSL 2.7.2.
- The `pkg-config --cflags --libs openssl` command works out of the
  box and finds the system library.

### NetBSD (7.1)

- The `pkg-config` command needs to be installed separately with `sudo
  pkg_add pkgconf` (or `sudo pkg_add pkg-config`).
- The OS comes with OpenSSL 1.0.1u.
- Even though the OS does not come with a pkg-config command, it does
  ship with an openssl.pc file, so once you install pkg-config the
  `pkg-config --cflags --libs openssl` finds the system library.
- However, the native OpenSSL 1.0.1 is older than the version 1.0.2
  required by the Chicken egg. Users need to `sudo pkg_add libressl`
  or `sudo pkg_add openssl` from the OS package manager.
- After doing that, `pkg-config --cflags --libs openssl` points to the
  OpenSSL or LibreSSL version from the package manager, which
  automatically overrides the native version for this purpose.

### FreeBSD (12.0) and DragonFlyBSD (5.6)

- The `pkg-config` command needs to be installed separately with `sudo
  pkg install pkgconf`.
- The OS comes with OpenSSL 1.1.1a-freebsd (FreeBSD) or LibreSSL 2.9.1
  (DragonFly) but neither FreeBSD nor DragonFly ships with a
  complementary openssl.pc file for pkg-config.
- Therefore `pkg-config --cflags --libs openssl` still does not work.
- Easiest fix: tell people to `sudo pkg install libressl` or `sudo pkg
  install openssl`.
- Then `pkg-config --cflags --libs openssl` finds that copy of
  libressl or openssl.

### MacOS (10.14 "Mojave")

- The `pkg-config` command needs to be installed separately (Homebrew:
  `brew install pkg-config`).
- The OS comes with LibreSSL 2.6.5 but does not ship with an
  openssl.pc file. Also, the <openssl/ssl.h> and other necessary C
  header files may not be installed even though the shared library is.
- Easiest fix: tell people to use Homebrew to install an
  OpenSSL-compatible library: `brew install openssl` or `brew install
  libressl`.
- `pkg-config --cflags --libs openssl` does not work even when you
  have installed the separate package from Homebrew, because Homebrew
  packages don't put their `.pc` files where pkg-config can find them.
- That can be remedied with:

      export PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig"
      export PKG_CONFIG_PATH="$(brew --prefix libressl)/lib/pkgconfig"

- Then `pkg-config --cflags --libs openssl` finds that copy of
  libressl or openssl.

IMPORTANT: In many of the above cases, the `openssl` shell command can
represent a different version of OpenSSL/LibreSSL than the library and
headers found by pkg-config. So `openssl` should not be invoked to
gather any version information in build scripts.
Initial commit 2022-12-02 05:28:57 -05:00			`# OpenSSL notes`

			`## Installation`

			`### OpenBSD (6.3)`

			- The `pkg-config` command comes with the OS.
			`- The OS comes with LibreSSL 2.7.2.`
			- The `pkg-config --cflags --libs openssl` command works out of the
			`box and finds the system library.`

			`### NetBSD (7.1)`

			- The `pkg-config` command needs to be installed separately with `sudo
			pkg_add pkgconf` (or `sudo pkg_add pkg-config`).
			`- The OS comes with OpenSSL 1.0.1u.`
			`- Even though the OS does not come with a pkg-config command, it does`
			`ship with an openssl.pc file, so once you install pkg-config the`
			`pkg-config --cflags --libs openssl` finds the system library.
			`- However, the native OpenSSL 1.0.1 is older than the version 1.0.2`
			required by the Chicken egg. Users need to `sudo pkg_add libressl`
			or `sudo pkg_add openssl` from the OS package manager.
			- After doing that, `pkg-config --cflags --libs openssl` points to the
			`OpenSSL or LibreSSL version from the package manager, which`
			`automatically overrides the native version for this purpose.`

			`### FreeBSD (12.0) and DragonFlyBSD (5.6)`

			- The `pkg-config` command needs to be installed separately with `sudo
			pkg install pkgconf`.
			`- The OS comes with OpenSSL 1.1.1a-freebsd (FreeBSD) or LibreSSL 2.9.1`
			`(DragonFly) but neither FreeBSD nor DragonFly ships with a`
			`complementary openssl.pc file for pkg-config.`
			- Therefore `pkg-config --cflags --libs openssl` still does not work.
			- Easiest fix: tell people to `sudo pkg install libressl` or `sudo pkg
			install openssl`.
			- Then `pkg-config --cflags --libs openssl` finds that copy of
			`libressl or openssl.`

			`### MacOS (10.14 "Mojave")`

			- The `pkg-config` command needs to be installed separately (Homebrew:
			`brew install pkg-config`).
			`- The OS comes with LibreSSL 2.6.5 but does not ship with an`
			`openssl.pc file. Also, the <openssl/ssl.h> and other necessary C`
			`header files may not be installed even though the shared library is.`
			`- Easiest fix: tell people to use Homebrew to install an`
			OpenSSL-compatible library: `brew install openssl` or `brew install
			libressl`.
			- `pkg-config --cflags --libs openssl` does not work even when you
			`have installed the separate package from Homebrew, because Homebrew`
			packages don't put their `.pc` files where pkg-config can find them.
			`- That can be remedied with:`

			`export PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig"`
			`export PKG_CONFIG_PATH="$(brew --prefix libressl)/lib/pkgconfig"`

			- Then `pkg-config --cflags --libs openssl` finds that copy of
			`libressl or openssl.`

			IMPORTANT: In many of the above cases, the `openssl` shell command can
			`represent a different version of OpenSSL/LibreSSL than the library and`
			headers found by pkg-config. So `openssl` should not be invoked to
			`gather any version information in build scripts.`