Wolf Rentzsch learned about the various gotchas of linking directly with Mac OS X’s OpenSSL security libraries, and shared his wisdom in a cheeky Apple-style technote format:
Long story short: we screwed up when we included OpenSSL (
libcrypto
) in OS X in the first place.(We learned our lesson and didn’t repeat the mistake with iOS.)
Now there’s some transitionin’ to do.
Linking directly to OpenSSL on Mac OS X is a time bomb. This is probably a more pervasive bug than it would otherwise be, since Apple prescribed using OpenSSL in their Mac App Store documentation demonstrating how to analyze Mac App Store receipts. The vast majority of developers probably followed Apple’s example, and are thus using OpenSSL and linking directly to libcrypto.