
2017-01-30

Swift and OpenSSL Part 1: Setting up from scratch

Secure Sockets: You know you should, you even want to, but a first look at the openssl.org...  Oh sh!t... that looks like a ton of work..., let me do a google and see where I can simply download something .... Ughhh, where are the easy to read articles... where... never mind... some other day perhaps...

Well, that day has arrived :-)

This is the first part in a short series of posts on how to use OpenSSL from Swift. In this first part we have a look at how to install OpenSSL on our Mac so we can link it with our software.

In case you are wondering: Is there not an easy way to do this, like downloading a library or so?

Yes, that is possible, but also very strongly discouraged! The reason to use a security product like OpenSSL is that we want our customers to be safe. That safety starts when we download OpenSSL from the source, verify the checksums, and compile it on our own machines. If we are not prepared to do that, then we can just as well forget about security because it would be all cosmetics. So forget MacPorts or Homebrew, do this yourself. You owe it to your customers.

The download link for openssl is: https://www.openssl.org/source/

This series will use the OpenSSL 1.1.0 series. Simply right-click the openssl-1.1.0c.tar.gz file and select "save-as" to download it to your downloads folder. (The c release was the most current version at the time of writing.)

Use the save-as option because we want the openssl-1.1.0c.tar.gz file.

Also download the sha256 checksum.

After the download finishes, open up a terminal window and cd to the download folder. Calculate the sha256 checksum of the gz file with:

> shasum -a 256 openssl-1.1.0c.tar.gz

The next line should display the checksum. Compare that with the downloaded checksum; they should be equal, of course. (Open a text editor and put the two checksums below each other, that way it is easy to verify.)

Now unpack the gz and tar file to obtain the openssl-1.1.0c folder. A single double click should do the trick.

Btw: You may not know it, but there are significant changes between version 1.0.2 and 1.1.0. This series is written for 1.1.0 and will not work with 1.0.2.

You can copy the folder to any other place, but I just leave it in downloads for the time being.

Next we should build the libraries and include files.

The OpenSSL 1.1.0 installer needs Perl 5.10 or later. My system has 5.18, so yours will probably be up to date as well (I do not remember upgrading to a new version...)

Just type:

> perl -v

in a terminal window.

The installation instructions on https://wiki.openssl.org/index.php/Compilation_and_Installation are a little confusing, but we are in luck because the process is very simple. In the INSTALL file in the openssl-1.1.0c directory we find the proper installation instructions for Unix.

By default openssl will be installed in /usr/local. You could check if there is already something there, from an earlier installation. If there is, you will need to decide to override or choose a different location. For changes to the default location, see the INSTALL document.

Note that the wrapper I will be talking about in coming posts will assume that OpenSSL is installed in the default location.

First we run config:

Note: Do this while the terminal prompt is in the openssl-1.1.0c directory!

> ./config

Messages start flashing over the screen, but it is over rather quickly.
I did not encounter any visible issues.

Next is:

> make

This takes a little longer. Seemingly a lot of stuff is being compiled...

When it stops (and again no visible problems) it is time to test:

> make test

A lot of tests are executed, while some may be skipped. As long as the result shows:


All tests successful.
Files=89, Tests=477, 44 wallclock secs ( 0.37 usr  0.16 sys + 30.58 cusr  7.34 csys = 38.45 CPU)
Result: PASS

(Note that the number of files and tests may differ)

you are in for the next step:

> sudo make install

Again a lot of text scrolls over the screen, but at the end of it, it's ready. (Note that this step took by far the most time.)

Note that if you forget 'sudo' you will get a lot of errors. Also note that the INSTALL document does not mention sudo.

For this series, we will be talking about coding. Not tool usage. Hence we do not need to adjust PATH variables or anything.


Happy coding...
