Ruby not finding new version of OpenSSL

StackOverflow https://stackoverflow.com/questions/15907103

Where and when does OpenSSL::OPENSSL_VERSION_NUMBER get set? And why isn't it getting set to the latest OpenSSL that I've just installed?

First the error(s):

$ gem install activesupport -v '3.2.13'
Error while executing gem ... (RuntimeError)
Unsupported digest algorithm (SHA512)

If I go directly into irb, I can see that Ruby is using the "old" openssl:

$ irb
>> require 'openssl'
=> true
>> OpenSSL::Digest.new('sha512')
RuntimeError: Unsupported digest algorithm (sha512)
>> OpenSSL::OPENSSL_VERSION_NUMBER.to_s(16)
"9070cf"

This tells me that Ruby isn't finding the local version of OpenSSL that I just built, which should be at least 0x908000. The relevant code:

# file: usr/lib/ruby/2.0.0/openssl/digest.rb
...
alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
if OPENSSL_VERSION_NUMBER > 0x00908000
  alg += %w(SHA224 SHA256 SHA384 SHA512)
end

explains why it's not finding SHA512.

But I don't know why Ruby is using the old version of OpenSSL. I built OpenSSL and Ruby from fresh sources using

SANDBOX=/Users/me/sandboxes/ruby2
PATH=$(SANDBOX)/usr/bin:$(PATH)

# Create a fresh OpenSSL from sources
(downloaded and unpacked http://www.openssl.org/source/openssl-1.0.1e.tar.gz)
$ ./config --prefix=$(SANDBOX)/usr --openssldir=$(SANDBOX)/usr/openssl
$ make ; make install ; make clean
# verify openssl
$ which openssl
/Users/me/sandboxes/ruby2/usr/bin/openssl
$ openssl version
OpenSSL 1.0.1e 11 Feb 2013

# Create a fresh Ruby from sources
(download and unpack http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p0.tar.gz)
$ ./configure --prefix=$(SANDBOX)/usr --with-open-ssl-dir=$(SANDBOX)/usr/openssl
$ make ; make intalll ; make clean
# verify ruby
$ which ruby
/Users/me/sandboxes/ruby2/usr/bin/ruby

But this ruby doesn't appear to find the openssl 1.0.1e that I just built.

My understanding was that the --with-open-ssl-dir argument to ./configure was necessary and sufficient to tell ruby to use the new OpenSSL, but that didn't seem to work.

Any ideas on how to get Ruby to recognize the new OpenSSL that I've built?

I've tried running ruby extconf.rb ; make ; make install as suggested by @Gaurish (below), but that still finds the OpenSSL installed in the system, not in my project root directory.

有帮助吗?

解决方案

TL;DR

When OpenSSL changes, always recompile Ruby or the openssl native extension.

Why

Ruby compiles the OpenSSL version into the openssl native extension, even when it links to a shared OpenSSL library. Either reinstall Ruby or recompile the openssl extension to fix it.

$ ruby -ropenssl -e'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.2e 3 Dec 2015
$ /usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2g  1 Mar 2016
$ strings {{redacted}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle | grep '1.0.2'
OpenSSL 1.0.2e 3 Dec 2015
$ otool -L {{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle
{{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle:
        {{redacted}}/ruby-2.3.0/lib/libruby.2.3.0.dylib (compatibility version 2.3.0, current version 2.3.0)
        /usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
        /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
        /usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
        /usr/local/opt/gmp/lib/libgmp.10.dylib (compatibility version 14.0.0, current version 14.0.0)
        /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)

We use ruby-install and chruby. Instead of /opt/rubies, we use /usr/local/rubies to avoid sudo. You can also sudo ln -s /usr/local/rubies /opt/rubies if you don't want to bother setting RUBIES for chruby. 

brew install openssl && \
ruby-install ruby-2.3.0 \
  --no-install-deps \
  -- \
  --without-X11 \
  --without-tk \
  --enable-shared \
  --disable-install-doc \
  --with-openssl-dir="$(brew --prefix openssl)"

Update

There's yet another constant which is derived from the actual, loaded OpenSSL library.

OpenSSL::OPENSSL_LIBRARY_VERSION

其他提示

Turns out, to get OpenSSL to compile and install with Ruby on Ubuntu, you need to follow these steps after you've installed ruby:

cd ruby_src_dir/ext/openssl
ruby extconf.rb
make
make install

Let me know if it works

I think the correct flag to pass to ./configure is --with-openssl-dir, not --with-open-ssl-dir.

Also, the correct value to pass to --with-openssl-dir in this case is $SANDBOX/usr, not $SANDBOX/usr/openssl.

Moreover, you might need to compile OpenSSL for 64-bit architecture.

This process worked for me (OS X 10.8):

$ export SANDBOX=/Users/me/sandboxes/ruby2
$ mkdir -p $SANDBOX/usr/bin

# Install OpenSSL 1.0.1e
$ curl -O http://www.openssl.org/source/openssl-1.0.1e.tar.gz
$ tar -xzvf openssl-1.0.1e.tar.gz
$ cd openssl-1.0.1e
# Copied from the Homebrew recipe for OpenSSL
$ perl ./Configure --prefix=$SANDBOX/usr --openssldir=$SANDBOX/usr/openssl zlib-dynamic shared darwin64-x86_64-cc enable-ec_nistp_64_gcc_128
$ make depend
$ make
$ make install

# Install Ruby 2.0.0-p0
$ curl -O http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p0.tar.gz
$ tar -xzvf ruby-2.0.0-p0.tar.gz
$ cd ruby-2.0.0-p0
$ ./configure --prefix=$SANDBOX/usr --with-openssl-dir=$SANDBOX/usr
$ make
$ make install

# Setting PATH before compiling Ruby can can cause the compilation to fail
$ export PATH=$SANDBOX/usr/bin:$PATH
$ which ruby #=>/Users/me/sandboxes/ruby2/usr/bin/ruby
$ which openssl #=> /Users/me/sandboxes/ruby2/usr/bin/openssl
$ openssl version #=> OpenSSL 1.0.1e 11 Feb 2013

$ irb
>> require "openssl"
=> true
>> OpenSSL::Digest.new("sha512")
=> #<OpenSSL::Digest: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e>

You could also install Homebrew and chruby (or rbenv) and follow the instructions for installing Ruby 2.0.0 for chruby:

brew install openssl readline libyaml gdbm libffi
wget http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p0.tar.gz
tar -xzvf ruby-2.0.0-p0.tar.gz
cd ruby-2.0.0-p0
./configure --prefix=/opt/rubies/ruby-2.0.0-p0 --with-openssl-dir=$(brew --prefix openssl)
make
sudo make install

Old question but still relevant if you have to deal with old setups:

In my case the problem lay within the OpenSSL installation. As described in this blog you have to make sure the shared libraries are installed with OpenSSL :

$ ./config --prefix=/path/to/openssl-0.9.8g shared
$ make depend
$ make
$ make install

And then installed OpenSSL as usual.

For ruby I used this configure line:

$ ./configure --prefix=/path/to/ruby-2.2.2/ --with-openssl-dir=/path/to/openssl-0.9.8g
$ make
$ make install

Result:

$ /path/to/ruby-2.2.2/bin/irb
irb(main):001:0> require "openssl"
=> true
irb(main):002:0> OpenSSL::Digest.new('sha512')
=> #<OpenSSL::Digest: cf83e13000efb8bd00042850d66d8007d620e4050b0005dc83f4a921d36ce00047d0d13c5d85f2b0ff8318d2877eec2f000931bd47417a81a538327af927da3e>

For mac

sudo gem install openssl --install-dir vendor/bundle -- --with-openssl-dir=/usr/local/Cellar/openssl@1.1/1.1.1k

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top