.png)
4 months ago
28
MacOS ships with a modified version of LibreSSL that uses the MacOS keychain as the CA trust store. However Apple did not provide the required SDK files to link to this library, so this repo has the missing headers and tbd files, taken from the upstream open source repositories.
You can use these files to build a newer version of curl, with the same configuration as curl included with MacOS, i.e. have LibreSSL use the keychain trust store.
Either build your project with -I and -L flags or point autoconf to the root dir.
If you want to copy what apple employees seems to do you need to clone this repo into $(xcrun --show-sdk-path)/usr/local/libressl.
As also noted by Apple, makes ure to not have other libs (e.g. homebrew) on your PATH or PKG_CONFIG_PATH. Here is a script to build curl from source:
To confirm that it worked, look at otool -L output to see if it libcurl indeed is linked to openssl and nghttp from /usr/lib:
The headers were simply downloaded from upstream sources:
The .tbd (text-based stub) files were generated by first building LibreSSL 3.3.6 from source and then using tapi stubify on the shared libraries:
And afterwards manually the install-name and targets were manually modified with a text editor.
