class OpensslAT3 < Formula desc "Cryptography and SSL/TLS Toolkit" homepage "https://openssl.org/" url "https://www.openssl.org/source/openssl-3.1.3.tar.gz" mirror "https://www.mirrorservice.org/sites/ftp.openssl.org/source/openssl-3.1.3.tar.gz" mirror "https://www.openssl.org/source/old/3.1/openssl-3.1.3.tar.gz" mirror "https://www.mirrorservice.org/sites/ftp.openssl.org/source/old/3.1/openssl-3.1.3.tar.gz" mirror "http://www.mirrorservice.org/sites/ftp.openssl.org/source/openssl-3.1.3.tar.gz" mirror "http://www.mirrorservice.org/sites/ftp.openssl.org/source/old/3.1/openssl-3.1.3.tar.gz" sha256 "f0316a2ebd89e7f2352976445458689f80302093788c466692fb2a188b2eacf6" license "Apache-2.0" livecheck do url "https://www.openssl.org/source/" regex(/href=.*?openssl[._-]v?(\d+(?:\.\d+)+)\.t/i) end bottle do sha256 arm64_sonoma: "fd6e90e00f1c395feb60d0244eb66583caab494f8e0a0988afaa838511265d98" sha256 arm64_ventura: "297a2c1c5cc8a43dd60afd548326caf13e2b5ebefe56215068d7b1aafd3134ae" sha256 arm64_monterey: "69ccfadb162202358150af54d1df8f454745b8975f9ca0694a34a1eaf0c26982" sha256 arm64_big_sur: "becff25b568741734f1026bfadc774447a66b025e91630e75b9ad8f0bb2250cb" sha256 sonoma: "b3c246dae84e6fe84b9c1a896bf7392aa457667c580509c6161d71e440636d1e" sha256 ventura: "2cc86941823ff633c21ef3533d7a106c4bddbcb35adac8fa6ef2d039c0860cdd" sha256 monterey: "f563de8198ba01ba3549d496b0775314619dba70ac8b2583ac76e3a5646b850f" sha256 big_sur: "54a0798dcff31fc2840554213157b1acd31ee862ccce8554dd3c6860583178b7" sha256 x86_64_linux: "bd50b79ca656395601c950729ac37ae2eb6cf798a38169dfe1902b675cb9e52f" end depends_on "ca-certificates" on_linux do resource "Test::Harness" do url "https://cpan.metacpan.org/authors/id/L/LE/LEONT/Test-Harness-3.44.tar.gz" mirror "http://cpan.metacpan.org/authors/id/L/LE/LEONT/Test-Harness-3.44.tar.gz" sha256 "7eb591ea6b499ece6745ff3e80e60cee669f0037f9ccbc4e4511425f593e5297" end resource "Test::More" do url "https://cpan.metacpan.org/authors/id/E/EX/EXODIST/Test-Simple-1.302195.tar.gz" mirror "http://cpan.metacpan.org/authors/id/E/EX/EXODIST/Test-Simple-1.302195.tar.gz" sha256 "b390bb23592e0b946c95adbb3c30b11bc634a286b2847be611ad929c57e39a6c" end resource "ExtUtils::MakeMaker" do url "https://cpan.metacpan.org/authors/id/B/BI/BINGOS/ExtUtils-MakeMaker-7.70.tar.gz" mirror "http://cpan.metacpan.org/authors/id/B/BI/BINGOS/ExtUtils-MakeMaker-7.70.tar.gz" sha256 "f108bd46420d2f00d242825f865b0f68851084924924f92261d684c49e3e7a74" end end link_overwrite "bin/c_rehash", "bin/openssl", "include/openssl/*" link_overwrite "lib/libcrypto*", "lib/libssl*" link_overwrite "lib/pkgconfig/libcrypto.pc", "lib/pkgconfig/libssl.pc", "lib/pkgconfig/openssl.pc" link_overwrite "share/doc/openssl/*", "share/man/man*/*ssl" # SSLv2 died with 1.1.0, so no-ssl2 no longer required. # SSLv3 & zlib are off by default with 1.1.0 but this may not # be obvious to everyone, so explicitly state it for now to # help debug inevitable breakage. def configure_args args = %W[ --prefix=#{prefix} --openssldir=#{openssldir} --libdir=#{lib} no-ssl3 no-ssl3-method no-zlib ] on_linux do args += (ENV.cflags || "").split args += (ENV.cppflags || "").split args += (ENV.ldflags || "").split end args end def install if OS.linux? ENV.prepend_create_path "PERL5LIB", buildpath/"lib/perl5" ENV.prepend_path "PATH", buildpath/"bin" %w[ExtUtils::MakeMaker Test::Harness Test::More].each do |r| resource(r).stage do system "perl", "Makefile.PL", "INSTALL_BASE=#{buildpath}" system "make", "PERL5LIB=#{ENV["PERL5LIB"]}", "CC=#{ENV.cc}" system "make", "install" end end end # This could interfere with how we expect OpenSSL to build. ENV.delete("OPENSSL_LOCAL_CONFIG_DIR") # This ensures where Homebrew's Perl is needed the Cellar path isn't # hardcoded into OpenSSL's scripts, causing them to break every Perl update. # Whilst our env points to opt_bin, by default OpenSSL resolves the symlink. ENV["PERL"] = Formula["perl"].opt_bin/"perl" if which("perl") == Formula["perl"].opt_bin/"perl" arch_args = [] if OS.mac? arch_args += %W[darwin64-#{Hardware::CPU.arch}-cc enable-ec_nistp_64_gcc_128] elsif Hardware::CPU.intel? arch_args << (Hardware::CPU.is_64_bit? ? "linux-x86_64" : "linux-elf") elsif Hardware::CPU.arm? arch_args << (Hardware::CPU.is_64_bit? ? "linux-aarch64" : "linux-armv4") end openssldir.mkpath system "perl", "./Configure", *(configure_args + arch_args) system "make" system "make", "install", "MANDIR=#{man}", "MANSUFFIX=ssl" system "make", "test" end def openssldir etc/"openssl@3" end def post_install rm_f openssldir/"cert.pem" openssldir.install_symlink Formula["ca-certificates"].pkgetc/"cert.pem" end def caveats <<~EOS A CA file has been bootstrapped using certificates from the system keychain. To add additional certificates, place .pem files in #{openssldir}/certs and run #{opt_bin}/c_rehash EOS end test do # Make sure the necessary .cnf file exists, otherwise OpenSSL gets moody. assert_predicate pkgetc/"openssl.cnf", :exist?, "OpenSSL requires the .cnf file for some functionality" # Check OpenSSL itself functions as expected. (testpath/"testfile.txt").write("This is a test file") expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249" system bin/"openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt" open("checksum.txt") do |f| checksum = f.read(100).split("=").last.strip assert_equal checksum, expected_checksum end end end