When OpenSSL changes, always recompile Ruby or the openssl native extension.
Why
Ruby compiles the OpenSSL version into the openssl native extension, even when it links to a shared OpenSSL library. Either reinstall Ruby or recompile the openssl extension to fix it.
$ ruby -ropenssl -e'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.2e 3 Dec 2015
$ /usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2g 1 Mar 2016
$ strings {{redacted}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle | grep '1.0.2'
OpenSSL 1.0.2e 3 Dec 2015
$ otool -L {{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle
{{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle:
{{redacted}}/ruby-2.3.0/lib/libruby.2.3.0.dylib (compatibility version 2.3.0, current version 2.3.0)
/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
/usr/local/opt/gmp/lib/libgmp.10.dylib (compatibility version 14.0.0, current version 14.0.0)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
We use ruby-install and chruby. Instead of /opt/rubies
, we use /usr/local/rubies
to avoid sudo
. You can also sudo ln -s /usr/local/rubies /opt/rubies
if you don't want to bother setting RUBIES
for chruby.
brew install openssl && \
ruby-install ruby-2.3.0 \
--no-install-deps \
-- \
--without-X11 \
--without-tk \
--enable-shared \
--disable-install-doc \
--with-openssl-dir="$(brew --prefix openssl)"
Update
There's yet another constant which is derived from the actual, loaded OpenSSL library.
OpenSSL::OPENSSL_LIBRARY_VERSION