Where and when does OpenSSL::OPENSSL_VERSION_NUMBER get set? And why isn't it getting set to the latest OpenSSL that I've just installed?
First the error(s):
$ gem install activesupport -v '3.2.13'
Error while executing gem ... (RuntimeError)
Unsupported digest algorithm (SHA512)
If I go directly into irb, I can see that Ruby is using the "old" openssl:
$ irb
>> require 'openssl'
=> true
>> OpenSSL::Digest.new('sha512')
RuntimeError: Unsupported digest algorithm (sha512)
>> OpenSSL::OPENSSL_VERSION_NUMBER.to_s(16)
"9070cf"
This tells me that Ruby isn't finding the local version of OpenSSL that I just built, which should be at least 0x908000. The relevant code:
# file: usr/lib/ruby/2.0.0/openssl/digest.rb
...
alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
if OPENSSL_VERSION_NUMBER > 0x00908000
alg += %w(SHA224 SHA256 SHA384 SHA512)
end
explains why it's not finding SHA512.
But I don't know why Ruby is using the old version of OpenSSL. I built OpenSSL and Ruby from fresh sources using
SANDBOX=/Users/me/sandboxes/ruby2
PATH=$(SANDBOX)/usr/bin:$(PATH)
# Create a fresh OpenSSL from sources
(downloaded and unpacked http://www.openssl.org/source/openssl-1.0.1e.tar.gz)
$ ./config --prefix=$(SANDBOX)/usr --openssldir=$(SANDBOX)/usr/openssl
$ make ; make install ; make clean
# verify openssl
$ which openssl
/Users/me/sandboxes/ruby2/usr/bin/openssl
$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
# Create a fresh Ruby from sources
(download and unpack http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p0.tar.gz)
$ ./configure --prefix=$(SANDBOX)/usr --with-open-ssl-dir=$(SANDBOX)/usr/openssl
$ make ; make intalll ; make clean
# verify ruby
$ which ruby
/Users/me/sandboxes/ruby2/usr/bin/ruby
But this ruby doesn't appear to find the openssl 1.0.1e that I just built.
My understanding was that the --with-open-ssl-dir argument to ./configure was necessary and sufficient to tell ruby to use the new OpenSSL, but that didn't seem to work.
Any ideas on how to get Ruby to recognize the new OpenSSL that I've built?
I've tried running ruby extconf.rb ; make ; make install as suggested by @Gaurish (below), but that still finds the OpenSSL installed in the system, not in my project root directory.
When OpenSSL changes, always recompile Ruby or the openssl native extension.
Why
Ruby compiles the OpenSSL version into the openssl native extension, even when it links to a shared OpenSSL library. Either reinstall Ruby or recompile the openssl extension to fix it.
$ ruby -ropenssl -e'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.2e 3 Dec 2015
$ /usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2g 1 Mar 2016
$ strings {{redacted}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle | grep '1.0.2'
OpenSSL 1.0.2e 3 Dec 2015
$ otool -L {{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle
{{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle:
{{redacted}}/ruby-2.3.0/lib/libruby.2.3.0.dylib (compatibility version 2.3.0, current version 2.3.0)
/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
/usr/local/opt/gmp/lib/libgmp.10.dylib (compatibility version 14.0.0, current version 14.0.0)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
We use ruby-install and chruby. Instead of /opt/rubies, we use /usr/local/rubies to avoid sudo. You can also sudo ln -s /usr/local/rubies /opt/rubies if you don't want to bother setting RUBIES for chruby.
brew install openssl && \
ruby-install ruby-2.3.0 \
--no-install-deps \
-- \
--without-X11 \
--without-tk \
--enable-shared \
--disable-install-doc \
--with-openssl-dir="$(brew --prefix openssl)"
Update
There's yet another constant which is derived from the actual, loaded OpenSSL library.
OpenSSL::OPENSSL_LIBRARY_VERSION
I think the correct flag to pass to ./configure is --with-openssl-dir, not --with-open-ssl-dir.
Also, the correct value to pass to --with-openssl-dir in this case is $SANDBOX/usr, not $SANDBOX/usr/openssl.
Moreover, you might need to compile OpenSSL for 64-bit architecture.
This process worked for me (OS X 10.8):
$ export SANDBOX=/Users/me/sandboxes/ruby2
$ mkdir -p $SANDBOX/usr/bin
# Install OpenSSL 1.0.1e
$ curl -O http://www.openssl.org/source/openssl-1.0.1e.tar.gz
$ tar -xzvf openssl-1.0.1e.tar.gz
$ cd openssl-1.0.1e
# Copied from the Homebrew recipe for OpenSSL
$ perl ./Configure --prefix=$SANDBOX/usr --openssldir=$SANDBOX/usr/openssl zlib-dynamic shared darwin64-x86_64-cc enable-ec_nistp_64_gcc_128
$ make depend
$ make
$ make install
# Install Ruby 2.0.0-p0
$ curl -O http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p0.tar.gz
$ tar -xzvf ruby-2.0.0-p0.tar.gz
$ cd ruby-2.0.0-p0
$ ./configure --prefix=$SANDBOX/usr --with-openssl-dir=$SANDBOX/usr
$ make
$ make install
# Setting PATH before compiling Ruby can can cause the compilation to fail
$ export PATH=$SANDBOX/usr/bin:$PATH
$ which ruby #=>/Users/me/sandboxes/ruby2/usr/bin/ruby
$ which openssl #=> /Users/me/sandboxes/ruby2/usr/bin/openssl
$ openssl version #=> OpenSSL 1.0.1e 11 Feb 2013
$ irb
>> require "openssl"
=> true
>> OpenSSL::Digest.new("sha512")
=> #<OpenSSL::Digest: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e>
You could also install Homebrew and chruby (or rbenv) and follow the instructions for installing Ruby 2.0.0 for chruby:
brew install openssl readline libyaml gdbm libffi
wget http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p0.tar.gz
tar -xzvf ruby-2.0.0-p0.tar.gz
cd ruby-2.0.0-p0
./configure --prefix=/opt/rubies/ruby-2.0.0-p0 --with-openssl-dir=$(brew --prefix openssl)
make
sudo make install
Turns out, to get OpenSSL to compile and install with Ruby on Ubuntu, you need to follow these steps after you've installed ruby:
cd ruby_src_dir/ext/openssl
ruby extconf.rb
make
make install
Let me know if it works
Old question but still relevant if you have to deal with old setups:
In my case the problem lay within the OpenSSL installation. As described in this blog you have to make sure the shared libraries are installed with OpenSSL :
$ ./config --prefix=/path/to/openssl-0.9.8g shared
$ make depend
$ make
$ make install
And then installed OpenSSL as usual.
For ruby I used this configure line:
$ ./configure --prefix=/path/to/ruby-2.2.2/ --with-openssl-dir=/path/to/openssl-0.9.8g
$ make
$ make install
Result:
$ /path/to/ruby-2.2.2/bin/irb
irb(main):001:0> require "openssl"
=> true
irb(main):002:0> OpenSSL::Digest.new('sha512')
=> #<OpenSSL::Digest: cf83e13000efb8bd00042850d66d8007d620e4050b0005dc83f4a921d36ce00047d0d13c5d85f2b0ff8318d2877eec2f000931bd47417a81a538327af927da3e>
来源:https://stackoverflow.com/questions/15907103/ruby-not-finding-new-version-of-openssl