1.0.1hは CVE-2014-0224 対策版です。
早めに更新しましょう。
バージョン確認
OpenSSL 1.0.1gです。
$ openssl version
OpenSSL 1.0.1g 7 Apr 2014
$ brew info openssl
openssl: stable 1.0.1g (bottled)
まずhomebrewのデータベースを更新
$ brew update
更新できたか確認します。
$ brew info openssl
openssl: stable 1.0.1h (bottled)
更新できてます。
OpenSSL更新
$ brew upgrade openssl
==> Upgrading 1 outdated package, with result:
openssl 1.0.1h
==> Upgrading openssl
==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/openssl-1.0
######################################################################## 100.0%
==> Pouring openssl-1.0.1h.mavericks.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, so it was not symlinked into /usr/local.
Mac OS X already provides this software and installing another version in
parallel can cause all kinds of trouble.
The OpenSSL provided by OS X is too old for some software.
Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
==> Summary
🍺 /usr/local/Cellar/openssl/1.0.1h: 429 files, 14M
利用可能か確認
$ openssl version
-bash: /usr/local/bin/openssl: No such file or directory
$ which openssl
/usr/bin/openssl
ダメです。
brew upgrade opensslのログに
This formula is keg-only, so it was not symlinked into /usr/local.
とあったように、まだリンクされていません。
homebrewでインストールしたOpenSSLを使うようにリンクさせる
$ brew link openssl --force
Linking /usr/local/Cellar/openssl/1.0.1h... 1139 symlinks created
$ openssl version
OpenSSL 1.0.1h 5 Jun 2014
$ which openssl
/usr/local/bin/openssl
これでOpenSSL 1.0.1hが利用可能になりました。
Ruby再インストール
homebrewでOpenSSLの脆弱性対策版を入れたのでRubyも更新させる - 別館 子子子子子子(ねこのここねこ)