kanidm / webauthn-rs

An implementation of webauthn components for Rustlang servers
Mozilla Public License 2.0

Conditional compilation of webauthn_rs_core::attestation::verify_attestation_ca_chain #402

Closed zacknewman closed 7 months ago

zacknewman commented 7 months ago

LibreSSL is mostly compatible with OpenSSL 1.1.x; however it is not entirely. In particular there is no no-check-time in openssl-verify. As a result, webauthn_rs_core does not compile due to the danger_disable_certificate_time_checks parameter in attestation::verify_attestation_ca_chain which internally relies on openssl::x509::verify::X509VerifyFlags::NO_CHECK_TIME. It would be nice if that bool were ignored when the OS is one of the *BSDs or macOS.

I understand if the *BSDs and macOS are not supported though. It's not too difficult to maintain a local version of the library with the line removed and relying on a [patch] section in Cargo.toml.
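The compile failure described above comes from a verify flag that exists in OpenSSL builds of the openssl crate but not in LibreSSL builds. The block below is an added example (not code from webauthn-rs or the openssl crate) of the conditional-compilation pattern the issue asks for: the caller-facing `danger_disable_certificate_time_checks` bool is mapped onto a verify flag only when the backend has it, and is otherwise ignored so that validity-period checks stay on. `VerifyFlags` is a constructed stand-in for `openssl::x509::verify::X509VerifyFlags`, and `cfg(libressl)` is assumed to be the cfg name openssl-sys emits for LibreSSL builds (check the openssl-sys build script for the exact names in your version).

```rust
// Added example, not code from webauthn-rs or the openssl crate.
// Shows how a `danger_disable_certificate_time_checks` bool can be gated
// on the OpenSSL backend so the crate still compiles against LibreSSL.

/// Constructed stand-in for openssl::x509::verify::X509VerifyFlags:
/// a plain bit set. In the real crate the NO_CHECK_TIME constant itself is
/// absent under LibreSSL, which is what broke the build in this issue.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct VerifyFlags(u32);

impl VerifyFlags {
    pub const EMPTY: VerifyFlags = VerifyFlags(0);
    /// Mirrors X509VerifyFlags::NO_CHECK_TIME (skip notBefore/notAfter checks).
    pub const NO_CHECK_TIME: VerifyFlags = VerifyFlags(1 << 0);

    pub fn contains(self, other: VerifyFlags) -> bool {
        self.0 & other.0 == other.0
    }
}

/// OpenSSL builds: honour the caller's request.
/// Assumption: `cfg(libressl)` is the cfg openssl-sys sets for LibreSSL.
#[cfg(not(libressl))]
pub fn time_check_flags(danger_disable_certificate_time_checks: bool) -> VerifyFlags {
    if danger_disable_certificate_time_checks {
        VerifyFlags::NO_CHECK_TIME
    } else {
        VerifyFlags::EMPTY
    }
}

/// LibreSSL builds: the backend has no such flag, so the bool is ignored and
/// validity-period checks remain enforced. Ignoring it fails closed: the
/// outcome is stricter verification, never weaker.
#[cfg(libressl)]
pub fn time_check_flags(_danger_disable_certificate_time_checks: bool) -> VerifyFlags {
    VerifyFlags::EMPTY
}

/// Constructed model of the validity-period check the flag controls.
/// `not_before`, `not_after` and `now` are seconds since the Unix epoch.
pub fn within_validity(not_before: u64, not_after: u64, now: u64, flags: VerifyFlags) -> bool {
    if flags.contains(VerifyFlags::NO_CHECK_TIME) {
        // Time checks explicitly disabled by the caller (OpenSSL builds only).
        return true;
    }
    not_before <= now && now <= not_after
}

fn main() {
    // Constructed sample: a certificate whose validity window has passed.
    let (not_before, not_after, now) = (1_000u64, 2_000u64, 3_000u64);
    for disable in [false, true] {
        let flags = time_check_flags(disable);
        println!(
            "danger_disable_certificate_time_checks={disable}: flags={flags:?}, accepted={}",
            within_validity(not_before, not_after, now, flags)
        );
    }
}
```

With `cargo build` against OpenSSL the first `time_check_flags` is compiled and the bool takes effect; against LibreSSL only the second is compiled, the expired sample certificate is rejected in both branches of `main`, and nothing references the missing constant.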

yaleman commented 7 months ago

macOS is totally supported with OpenSSL. Most of the devs use it... but not 1.x normally - 3.x is required for webauthn-authenticator-rs. I'm not sure anyone tests with LibreSSL.

zacknewman commented 7 months ago

> On Dec 24, 2023, at 4:50 AM, James Hodgkinson wrote: macOS is totally supported with OpenSSL. Most of the devs use it... but not 1.x normally - 3.x is required for webauthn-authenticator-rs. I'm not sure anyone tests with LibreSSL.

macOS uses LibreSSL, so I don’t know how it’d work unless you’re using Homebrew to install a different library. I’ll confirm on my wife’s laptop when I have the time. I was referring to the native system library. I have only used webauthn-rs, and this is the only part that causes issues.

yaleman commented 7 months ago

Exactly. Note the openssl docs in the repo.

zacknewman commented 7 months ago

I knew OpenSSL was required, but I wasn’t aware which versions. That’s why one should RTFM. Sorry for the noise.

yaleman commented 7 months ago

No worries 😄