Closed zacknewman closed 7 months ago
macOS is totally supported with OpenSSL, Most of the devs use it... but not 1.x normally - 3.x is required for webauthn-authenticator-rs . I'm not sure anyone tests with LibreSSL.
On Dec 24, 2023, at 4:50 AM, James Hodgkinson @.***> wrote: macOS is totally supported with OpenSSL, Most of the devs use it... but not 1.x normally - 3.x is required for webauthn-authenticator-rs . I'm not sure anyone tests with LibreSSL. macOS uses LibreSSL, so I don’t know how it’d work unless you’re using Homebrew to install a different library. I’ll confirm on my wife’s laptop when I have the time. I was referring to the native system library.I have only used webauthn-rs, and this is the only part that causes issues.
Exactly. Note the openssl docs in the repo.
I knew OpenSSL was required, but I wasn’t aware which versions. That’s why one should RTFM. Sorry for the noise.
No worries 😄
LibreSSL is mostly compatible with OpenSSL 1.1.x; however it is not entirely. In particular there is no
no-check-time
inopenssl-verify
. As a result,webauthn_rs_core
does not compile due to thedanger_disable_certificate_time_checks
parameter inattestation::verify_attestation_ca_chain
which internally relies onopenssl::x509::verify::X509VerifyFlags::NO_CHECK_TIME
. It would be nice if thatbool
were ignored when the OS is one of the *BSDs or macOS.I understand if the *BSDs and macOS are not supported though. It's not too difficult to maintain a local version of the library with the line removed and relying on a
[patch]
section inCargo.toml
.