Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-439

Erlang crypto incorrectly linked on macOS 10.13

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 20.0, 19.3
    • Fix Version/s: 20.1
    • Component/s: crypto
    • Labels:
      None

      Description

      Apple has removed OpenSSL on macOS 10.13.

      Instead they are internally using BoringSSL and have replaced the default OpenSSL installation with LibreSSL.

      Using a standard Erlang installation from brew anything that calls crypto crashes on 10.13 because dynamic linking is hitting Apples modified version of BoringSSL instead of LibreSSL or OpenSSL.

      I have tried compiling with the following flags:

      --disable-dynamic-ssl-lib
      --with-ssl=#{Formula["openssl"].opt_prefix}
      --with-ssl-rpath=no
      

      but they don't seem to help.

      Here's an example triggering the bug

      Eshell V9.0  (abort with ^G)
      1> ssl:start().
      ok
      2> ssl:connect("google.com", 443, []).
      Assertion failed: (ctx), function digest_update, file /BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-88.0.0.1.1/apple/crypto/digests.c, line 47.
      

      In discussion with Apple they seem to think the issue is that it is compiling as FLATNAMESPACE and it has to be TWOLEVEL.

      If you run otool it will report if it’s two level.

      otool -hV

      will return FLATNAMESPACE or TWOLEVEL

      The Crypto lib is not TWOLEVEL.

        Attachments

          Activity

            People

            Assignee:
            bjorn Björn Gustavsson
            Reporter:
            idyll Mark Madsen
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: