Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I have used brew install openssl to download and install openssl v1.0.2f, however, it comes back saying:

A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs
and run
  /usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, which means it was not symlinked into /usr/local.
Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries
Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:
    LDFLAGS:  -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include
And when I do openssl version -a it always gives me:
OpenSSL 0.9.8zg 14 July 2015
built on: Jul 31 2015
platform: darwin64-x86_64-llvm
options:  bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) blowfish(idx) 
compiler: -arch x86_64 -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings -fasm-blocks -O3 -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DMD32_REG_T=int -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DOPENSSL_THREADS -DZLIB -mmacosx-version-min=10.6
OPENSSLDIR: "/System/Library/OpenSSL"
How can I replace the old version with the new one? I've searched a lot on how to do this, but the solutions online don't seem to work for me...
brew update
brew install openssl
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
source ~/.bash_profile
You will have the latest version of openssl installed and accessible from cli (command line/terminal). Since the third command will add export path to .bash_profile, the newly installed version of openssl will be accessible across system restarts.
                When I run $ openssl version I get OpenSSL 0.9.8zh 14 Jan 2016 but when I run $ brew install openssl I get Warning: openssl 1.0.2l is already installed. Does this mean I have two versions installed?
– user285372
                Sep 18, 2017 at 8:04
                I guess, you have 2 versions  of openssl in your system now. One available by default with mac and the other one you installed using brew. Execute the third and fourth commands above to access the latest version(1.0.2l) of openssl from the command line.
– shaunthomas999
                Sep 19, 2017 at 9:51
                I found util for people who like me have tried everything they read about how to link the last openssl.
– Olivier
                Dec 1, 2016 at 16:44
                this has also been the only thing that has worked for me on osX Sierra, WITHOUT disabling SIP. Thanks!
– John
                Apr 29, 2017 at 17:08
I can't reproduce your issue running El Cap + Homebrew 1.0.x
Upgrade to Homebrew 1.0.x, which was released late in September 2016. Specific changes were made in the way openssl is linked. The project is on a more robust release schedule now that it's hit 1.0.
brew uninstall openssl
brew update && brew upgrade && brew cleanup && brew doctor
You should fix any issues raised by brew doctor before proceeding.
brew install openssl
Note: Upgrading homebrew will update all your installed packages to their latest versions.
                Added disclaimer about updating. As time goes on, upgrading homebrew to version 1.x will become more and more necessary. The issue has been resolved in homebrew 1.x as far as I can tell.
– Wade Williams
                Oct 27, 2016 at 15:40
Try creating a symlink, make sure you have openssl installed in /usr/local/include first. 
ln -s /usr/local/Cellar/openssl/{version}/include/openssl /usr/local/include/openssl
More info at Openssl with El Capitan.
I reached this page when I searched for information about openssl being keg-only. I believe I have understood the reason why Homebrew is taking this action now. My solution may work for you:
Use the following command to make the new openssl command available (assuming you have adjusted PATH to put /usr/local/bin before /usr/bin):
ln -s /usr/local/opt/openssl/bin/openssl /usr/local/bin/
When compiling with openssl, follow Homebrew's advice and use
-I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib
Alternatively, you can make these settings permanent by putting the following lines in your .bash_profile or .bashrc:
export CPATH=/usr/local/opt/openssl/include
export LIBRARY_PATH=/usr/local/opt/openssl/lib
This is an old question but still answering it in present-day context as many of the above answers may not work now.
The problem is that the Path is still pointing to the old version. Two solutions can be provided for resolution :
Uninstall old version of openssl package brew uninstall openssl and then reinstall the new version : brew install openssl
point the PATH to the new version of openssl.First install the new version and now(or if) you have installed the latest version, point the path to it: echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
You can run brew link openssl to link it into /usr/local, if you don't mind the potential problem highlighted in the warning message. Otherwise, you can add the openssl bin directory to your path:
export PATH=$(brew --prefix openssl)/bin:$PATH
                No; Homebrew will yell at you if you do this.  Look at stackoverflow.com/a/17016758/17597 for an explanation of keg-only dependencies.  As mentioned in the answer above, you can use --force to override, but you should understand the potential consequences of doing so.
– hakamadare
                Apr 8, 2016 at 18:47
To replace the old version with the new one, you need to change the link for it. Type that command to terminal.
brew link --force openssl
Check the version of openssl again. It should be changed.
                After brew link, for me at least, the OpenSSL appears to be updated. But something is not "right". I executed brew doctor and there is a warning for keg-only formula, this is a substring of all the output: Binaries provided by keg-only formulae may override system binaries with other strange results. And suggests to brew unlink openssl. Should be ignored?
– Paulo Oliveira
                Mar 21, 2016 at 23:54
                @Knaak This doesn't work on El Capitan with Homebrew 0.9.9. It responds with the message Warning: Refusing to link: openssl.
– ksl
                Aug 23, 2016 at 8:47
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.