Ruby not finding new version of OpenSSL

Where and when does `OpenSSL::OPENSSL_VERSION_NUMBER` get set? And why isn't it getting set to the latest OpenSSL that I've just installed?

First the error(s):

$ gem install activesupport -v '3.2.13'
Error while executing gem ... (RuntimeError)
Unsupported digest algorithm (SHA512)

If I go directly into irb, I can see that Ruby is using the "old" openssl:

$ irb
>> require 'openssl'
=> true
>> OpenSSL::Digest.new('sha512')
RuntimeError: Unsupported digest algorithm (sha512)
>> OpenSSL::OPENSSL_VERSION_NUMBER.to_s(16)
"9070cf"

This tells me that Ruby isn't finding the local version of OpenSSL that I just built, which should be at least 0x908000. The relevant code:

# file: usr/lib/ruby/2.0.0/openssl/digest.rb
...
alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
if OPENSSL_VERSION_NUMBER > 0x00908000
alg += %w(SHA224 SHA256 SHA384 SHA512)
end

explains why it's not finding SHA512.

But I don't know why Ruby is using the old version of OpenSSL. I built OpenSSL and Ruby from fresh sources using

SANDBOX=/Users/me/sandboxes/ruby2
PATH=$(SANDBOX)/usr/bin:$(PATH)

# Create a fresh OpenSSL from sources
(downloaded and unpacked

[To see links please register here]

)
$ ./config --prefix=$(SANDBOX)/usr --openssldir=$(SANDBOX)/usr/openssl
$ make ; make install ; make clean
# verify openssl
$ which openssl
/Users/me/sandboxes/ruby2/usr/bin/openssl
$ openssl version
OpenSSL 1.0.1e 11 Feb 2013

# Create a fresh Ruby from sources
(download and unpack

[To see links please register here]

)
$ ./configure --prefix=$(SANDBOX)/usr --with-open-ssl-dir=$(SANDBOX)/usr/openssl
$ make ; make intalll ; make clean
# verify ruby
$ which ruby
/Users/me/sandboxes/ruby2/usr/bin/ruby

But this ruby doesn't appear to find the openssl 1.0.1e that I just built.

My understanding was that the `--with-open-ssl-dir` argument to `./configure` was necessary and sufficient to tell ruby to use the new OpenSSL, but that didn't seem to work.

Any ideas on how to get Ruby to recognize the new OpenSSL that I've built?

I've tried running `ruby extconf.rb ; make ; make install` as suggested by @Gaurish (below), but that still finds the OpenSSL installed in the system, not in my project root directory.

For mac

sudo gem install openssl --install-dir vendor/bundle -- --with-openssl-dir=/usr/local/Cellar/[email protected]/1.1.1k

#### **TL;DR**

When OpenSSL changes, always recompile Ruby or the openssl native extension.

### Why

Ruby compiles the OpenSSL version into the openssl native extension, even when it links to a shared OpenSSL library. Either reinstall Ruby or recompile the openssl extension to fix it.


$ ruby -ropenssl -e'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.2e 3 Dec 2015
$ /usr/local/opt/openssl/bin/openssl version
OpenSSL 1.0.2g 1 Mar 2016
$ strings {{redacted}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle | grep '1.0.2'
OpenSSL 1.0.2e 3 Dec 2015
$ otool -L {{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle
{{redacted}}/ruby-2.3.0/lib/ruby/2.3.0/x86_64-darwin15/openssl.bundle:
{{redacted}}/ruby-2.3.0/lib/libruby.2.3.0.dylib (compatibility version 2.3.0, current version 2.3.0)
/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
/usr/local/opt/gmp/lib/libgmp.10.dylib (compatibility version 14.0.0, current version 14.0.0)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)

We use [ruby-install](

[To see links please register here]

) and [chruby](

[To see links please register here]

). Instead of `/opt/rubies`, we use `/usr/local/rubies` to avoid `sudo`. You can also `sudo ln -s /usr/local/rubies /opt/rubies` if you don't want to bother setting `RUBIES` for chruby.


brew install openssl && \
ruby-install ruby-2.3.0 \
--no-install-deps \
-- \
--without-X11 \
--without-tk \
--enable-shared \
--disable-install-doc \
--with-openssl-dir="$(brew --prefix openssl)"


### Update

There's yet another constant which **is** derived from the actual, loaded OpenSSL library.

`OpenSSL::OPENSSL_LIBRARY_VERSION`

Old question but still relevant if you have to deal with old setups:

In my case the problem lay within the OpenSSL installation.
As described [in this blog][1] you have to **make sure the shared libraries are installed** with OpenSSL :

$ ./config --prefix=/path/to/openssl-0.9.8g shared
$ make depend
$ make
$ make install

And then installed OpenSSL as usual.

For ruby I used this configure line:

$ ./configure --prefix=/path/to/ruby-2.2.2/ --with-openssl-dir=/path/to/openssl-0.9.8g
$ make
$ make install

Result:

$ /path/to/ruby-2.2.2/bin/irb
irb(main):001:0> require "openssl"
=> true
irb(main):002:0> OpenSSL::Digest.new('sha512')
=> #<OpenSSL::Digest: cf83e13000efb8bd00042850d66d8007d620e4050b0005dc83f4a921d36ce00047d0d13c5d85f2b0ff8318d2877eec2f000931bd47417a81a538327af927da3e>


[1]:

[To see links please register here]

I think the correct flag to pass to `./configure` is `--with-openssl-dir`, not `--with-open-ssl-dir`.

Also, the correct value to pass to `--with-openssl-dir` in this case is `$SANDBOX/usr`, not `$SANDBOX/usr/openssl`.

Moreover, you might need to compile OpenSSL for 64-bit architecture.

This process worked for me (OS X 10.8):

$ export SANDBOX=/Users/me/sandboxes/ruby2
$ mkdir -p $SANDBOX/usr/bin

# Install OpenSSL 1.0.1e
$ curl -O

[To see links please register here]

$ tar -xzvf openssl-1.0.1e.tar.gz
$ cd openssl-1.0.1e
# Copied from the Homebrew recipe for OpenSSL
$ perl ./Configure --prefix=$SANDBOX/usr --openssldir=$SANDBOX/usr/openssl zlib-dynamic shared darwin64-x86_64-cc enable-ec_nistp_64_gcc_128
$ make depend
$ make
$ make install

# Install Ruby 2.0.0-p0
$ curl -O

[To see links please register here]

$ tar -xzvf ruby-2.0.0-p0.tar.gz
$ cd ruby-2.0.0-p0
$ ./configure --prefix=$SANDBOX/usr --with-openssl-dir=$SANDBOX/usr
$ make
$ make install

# Setting PATH before compiling Ruby can can cause the compilation to fail
$ export PATH=$SANDBOX/usr/bin:$PATH
$ which ruby #=>/Users/me/sandboxes/ruby2/usr/bin/ruby
$ which openssl #=> /Users/me/sandboxes/ruby2/usr/bin/openssl
$ openssl version #=> OpenSSL 1.0.1e 11 Feb 2013

$ irb
>> require "openssl"
=> true
>> OpenSSL::Digest.new("sha512")
=> #<OpenSSL::Digest: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e>

You could also install [Homebrew](

[To see links please register here]

) and [chruby](

[To see links please register here]

) (or [rbenv](

[To see links please register here]

)) and follow the [instructions for installing Ruby 2.0.0 for chruby](

[To see links please register here]

):

brew install openssl readline libyaml gdbm libffi
wget

[To see links please register here]

tar -xzvf ruby-2.0.0-p0.tar.gz
cd ruby-2.0.0-p0
./configure --prefix=/opt/rubies/ruby-2.0.0-p0 --with-openssl-dir=$(brew --prefix openssl)
make
sudo make install

Turns out, to get OpenSSL to compile and install with Ruby on Ubuntu, you need to follow these steps *after you've installed ruby*:

cd ruby_src_dir/ext/openssl
ruby extconf.rb
make
make install

Let me know if it works