OpenSSL installed with Homebrew on macOS 10.15.6 appears to be stuck at version @1.1, getting the latest instead?

I'm using macOS 10.15.6 Catalina and Homebrew (latest version, 2.5.1). When I do brew list I notice there is [email protected] in my list of installed formulae.

I can't recall if I ever installed openssl manually or that it came along with another formula, but I certainly never explicitly picked the @1.1 version myself.

When I do openssl version it says LibreSSL 2.8.3.

When I do brew install openssl it says:

Warning: [email protected] 1.1.1g is already installed and up-to-date
To reinstall 1.1.1g, run brew reinstall [email protected]

Instead I tried brew install libressl. That installs OK, but when I now do openssl version it still says LibreSSL 2.8.3.

However if I do /usr/local/opt/libressl/bin/openssl version it says LibreSSL 3.1.4 which seems more up to date. So now apparently two versions are installed, but the 'default' one is still the older version.

Two questions:

1. I just want to use the latest openssl (or libressl). When I run openssl I want it to invoke the latest version available. Can I or should I somehow get rid of the @1.1 version and just install the latest openssl instead? Or install libressl as I did, but then I want that to be the default, not the old one.

2. Considering that the @1.1 version will probably be there for a reason, may that imply that some other software depending on that specific version will no longer work? This kinda feels crappy, for example what if I happen to have two pieces of software that each depend on a different specific version. Can I instruct software depending older openssl versions to use a specific path for that older version, while keeping just openssl (without explicit path) to be the latest?

Solution 1:

MacOS includes an older version of openssl, that's what's by default in the path, and that's the one you'll see (try which openssl to see which one gets picked up on your computer).

Homebrew installs [email protected] into /opt, which means you need to explicitly call it from there, and if you want to link other programs you compile to it, you need to set library paths etc.

Same for libressl.

I just want to use the latest openssl (or libressl).

The binary, I assume? One way to do that is to add your own $HOME/bin directory in front of your PATH (something I recommend anyway) in your shell, and make a shell script openssl in there that calls the version you want to use. When you do it that way, you won't mess up anything else.

may that imply that some other software depending on that specific version will no longer work?

Exactly. That's why you shouldn't replace the one that comes with MacOS, for example.

Can I instruct software depending older openssl versions to use a specific path for that older version,

If you do it the other way round (have a different PATH in your terminal), then anything you call from outside the terminal isn't going to break, for starters.

To answer questions in the comment:

1. I have a ~/.profile with

   export PATH=$HOME/bin:$PATH
   

   in it.

2. See this answer. That is: Create a file ~/bin/openssl with

   #!/bin/bash
   exec /usr/local/opt/libressl/bin/openssl "$@"
   

in it. Don't forget to chmod a+x ~/bin/openssl.

Environment will get passed, redirections will apply. Wildcards will be resolved on first call, but passed on in resolved form.