Re: [Chicken-users] Building the openssl egg on MacOS

[Lassi Kortela]

> I spent a _little_ while digging into the details of this a few months
> ago, and my understanding is this:
>
>     * Apple were suffering version-skew hell because (reportedly) the
> OpenSSL folk kept changing the ABI for the library.
>     * So they lost patience and deprecated OpenSSL on macOS

Sounds quite plausible.

>     * ...to the extent that there are now compiler-visible deprecation
> markers in the relevant still-visible header files.
>     * The doctrine is that one should use Apple's own encryption
> frameworks (as you noted, Vasilij)
>     * (which work fine, in the pretty basic uses I've made of them, but
> they don't pretend to be OpenSSL)
>     * ...and act as if there were no OpenSSL library at all on macOS.
>     * As Lassi noted, there is still a LibreSSL library on the system in
> fact, but I believe it is intended to be strictly for legacy use.

This is the impression I got as well.

The thing is, not only are the Apple frameworks non-portable to any 
other OS but Apple keeps changing, deprecating and merging frameworks 
from release to release. They just deprecated OpenGL (and didn't adopt 
Vulkan) in favor of some brand new framework that doesn't work on any 
non-Apple OS! And Swift may hold the world record for the number of 
deprecation warnings in any tool. So Apple's own programming interfaces 
are some of the least stable ever :)

> So if you have a tool which depends on Open/LibreSSL, then you need to
> get it on your machine either from source, or using the package manager
> of your choice, and not even try using the system one.

Based on the non-portability and difficulty of using Apple's frameworks, 
and their history of changing them endlessly, I suggest adopting a 
simple policy to direct all Mac users to Homebrew :)

Of SSL libraries, LibreSSL sounds like it will be the most stable and 
secure choice. The OpenSSL compatibility makes it extra nice.