5 Replies Latest reply: Aug 7, 2012 5:22 AM by etresoft
rajdeep.s.mann Level 1 Level 1 (0 points)

I have installed a new version of openssl(openssl-1.0.1b) on my mac due to some project requirements. But now if I try to verify mobileprovisions profiles using command

openssl smime -in "path of mobile provision profile" -inform der -verify

it fails with the message "unable to find local issuer certificate". I understand this happens because the new version of openssl cannot find certificates against which it should verify profiles. So my question is

Is there a workaround so that I can use the new version and still verify profiles or if not how can I get my original openssl back which was installed mac by default?


iMac, Mac OS X (10.7.3)
  • 1. Re: Revert to original openssl on mac
    etresoft Level 7 Level 7 (24,270 points)

    How did you install the new version. It should have installed into /usr/local. If you put it elsewhere, your only option will be a reinstall of the OS.

  • 2. Re: Revert to original openssl on mac
    rajdeep.s.mann Level 1 Level 1 (0 points)

    I have not installed it in /usr/local..is there a way I can apply a patch or something similar...?

  • 3. Re: Revert to original openssl on mac
    Stijn Spijker Level 1 Level 1 (0 points)

    My (original, Mac OS 10.7.4) openssl was installed in /usr/bin, you can trace it by opening the terminal and executing "which openssl".

     

    If this does not point to /usr/bin/openssl, you could probably try verifying that the "original" (most likely) openssl still exists in /usr/bin/openssl by executing "file /usr/bin/openssl". This should return something like the following:

     

    /usr/bin/openssl: Mach-O universal binary with 2 architectures

    /usr/bin/openssl (for architecture x86_64):          Mach-O 64-bit executable x86_64

    /usr/bin/openssl (for architecture i386):          Mach-O executable i386

     

    If your "which" command points to another location then /usr/bin, and the file command verifies that the original binary is still in place, you could probably try to verify your mobile provisioning files with that.

     

    Instead of executing "openssl smime -in "path of mobile provision profile" -inform der -verify", execute it by calling the specific binary you want in the following manor:  "/usr/bin/openssl smime -in "path of mobile provision profile" -inform der -verify"

     

    If you want to go back to the old openssl binary permanently, you will have to remove the "new" openssl.

    If you installed the new openssl in /usr/bin (eg, the original binary does not exist anymore), then you'll have to find some other way to install the original openssl.

     

    Maybe you can link the tutorial / guide you followed to install your new openssl? This would help people here to determine what you actually did

  • 4. Re: Revert to original openssl on mac
    rajdeep.s.mann Level 1 Level 1 (0 points)

    I did install it in /usr/bin..thats why if I use whereis openssl it returns /usr/bin/openssl which means I do not have old openssl binary

     

    "If you installed the new openssl in /usr/bin (eg, the original binary does not exist anymore), then you'll have to find some other way to install the original openssl."

     

    I was trying to find some other way but could not? If somebody has done it it will be really helpfull.

  • 5. Re: Revert to original openssl on mac
    etresoft Level 7 Level 7 (24,270 points)

    You will have to reinstall the operating system, sorry.