Do you need help on a specific subject? Use the contact form (Request a blog entry) on the right hand side.


OSX Receipt validation in Swift, part 2: Adding openSSL to the project

So, first things first: OpenSSL

Since my mac is still on openSSL 0.9.8zd (in a terminal type: 'openssl version') I wanted to upgrade to the latest and greatest (currently 1.0.2a)

Since I have no intention on becoming an openSSL expert, I am choosing the easy route: I will use MacPorts to get the latest openSSL.

I installed MacPorts from the install package ( That went without a hitch.

Now we can install openSSL and build the three libraries that are needed: libcrypto.a, libssl.a and libz.a

In a new terminal window (note: I used a new terminal to ensure that any macports settings are active, but I have not checked if this is necessary) type:

$ sudo port install openssl

Add the root password and you'll see the following:

--->  Computing dependencies for openssl
--->  Dependencies to be installed: zlib
--->  Fetching archive for zlib
--->  Attempting to fetch zlib-1.2.8_0.darwin_14.x86_64.tbz2 from
--->  Attempting to fetch zlib-1.2.8_0.darwin_14.x86_64.tbz2.rmd160 from
--->  Installing zlib @1.2.8_0
--->  Activating zlib @1.2.8_0
--->  Cleaning zlib
--->  Fetching archive for openssl
--->  Attempting to fetch openssl-1.0.2a_0.darwin_14.x86_64.tbz2 from
--->  Attempting to fetch openssl-1.0.2a_0.darwin_14.x86_64.tbz2.rmd160 from
--->  Installing openssl @1.0.2a_0
--->  Activating openssl @1.0.2a_0
--->  Cleaning openssl
--->  Updating database of binaries
--->  Scanning binaries for linking errors

--->  No broken files found.

Since I used the default settings, the libraries are generated into /opt/local/lib and the associated headers are in /opt/local/include/openssl. The binaries (not needed) are in /opt/local/bin. The result is that the already installed openssl binaries are not affected. I.e. if I type 'openssl version' I still get version 0.9.8zd. Currently I am fine with that, but in the future I will probably want to upgrade that version of openssl as well.
(PS: When I type '/opt/local/bin/openssl version' then the newly installed version 1.0.2a is of course reported)

I keep all project related stuff together in a directory in ~/Documents/Projects/<projectName>. For example the xcode workspace for MyGreatApp is in ~/Documents/Projects/MyGreatApp/xcode/MyGreatApp.xcworkspace. Thus the openssl libraries and the headers are copied to ~/Documents/Projects/MyGreatApp/openssl/include/openssl and ~/Documents/Projects/MyGreatApp/openssl/lib:

$ cp /opt/local/lib/libcrypto.a ~/Documents/Projects/MyGreatApp/openssl/lib/
$ cp /opt/local/lib/libssl.a ~/Documents/Projects/MyGreatApp/openssl/lib/
$ cp /opt/local/lib/libz.a ~/Documents/Projects/MyGreatApp/openssl/lib/
$ cp /opt/local/include/openssl/*.h ~/Documents/Projects/MyGreatApp/openssl/include/openssl/

In Xcode the three libraries (libcrypto.a, libssl.a and libz.a) are added to the target using the "General" panel, section "Linked Frameworks and Libraries". In the panel "Build Settings", section "Search Paths" add the "~/Documents/Projects/MyGreatApp/openssl/include" to the field "Header Search Paths"

Note: The above might seem a bit strange, why create an "openssl" directory in the "include" directory? The reason is that the openssl header files include each other by using "# import <openssl/***.h>". This means that we cannot put the header files in "include" but have to create a subdirectory "openssl" to contain the headers. Also the "Header Search Paths" must point to "include" rather than "openssl" so that Xcode will append the "openssl/***.h" to "include" and thus arrive at the correct destination. Of course we also need to use #import "openssl/***.h" in our bridging header file as well.

The bridging header file needs to be updated for 3 openssl headers: "openssl/pkcs7.h", "openssl/objects.h" and "openssl/x509.h". Add the import statements for these to your bridging header MyGreatApp-Bridging-Header.h.

After the headers are copied, we need to update the openssl/rsa.h file because of a clash it will generate with the "complex.h" file in the xcode distribution.
Open up the openssl/rsa.h file and edit it as follows right at the beginning:

#ifdef  __cplusplus
extern "C" {

/* Declared already in ossl_typ.h */
/* typedef struct rsa_st RSA; */
/* typedef struct rsa_meth_st RSA_METHOD; */

/* This gets rid of a clash with complex.h */
# undef I

struct rsa_meth_st {

    const char *name;

Only the part in red has to be added. The "# undef I" removes the definition of I from complex.h just before it is used in rsa.h.

That wraps it up for openSSL. See you in part 3: The Apple root certificate

Happy coding...

Did this help?, then please help out a small independent.
If you decide that you want to make a small donation, you can do so by clicking this
link: a cup of coffee ($2) or use the popup on the right hand side for different amounts.
Payments will be processed by PayPal, receiver will be sales at balancingrock dot nl
Bitcoins will be gladly accepted at: 1GacSREBxPy1yskLMc9de2nofNv2SNdwqH

We don't get the world we wish for... we get the world we pay for.

No comments:

Post a Comment