On 11/27/2018 10:47 AM, Viktor Dukhovni wrote:
On Nov 27, 2018, at 10:33 AM, Robert Chalmers <racu...@gmail.com> wrote:
set -- '-DUSE_TLS -I/usr/local/Cellar/openssl/1.0.2p/include'
set -- "$@" '-I/usr/local/opt/icu4c/include'
set -- "$@" '-DHAS_MYSQL -I/usr/local/include/mysql'
set -- '-DHAS_PCRE -I/usr/local/include'
set -- "$@" '-DUSE_SASL_AUTH -DUSE_CYRUS_SASL
-DDEF_SERVER_SASL_TYPE=\"dovecot\"
-I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/sasl'
CCARGS="$@"
set -- '-lsasl2'
set -- "$@" '-L/usr/local/Cellar/openssl/1.0.2p/lib -lssl -lcrypto'
set -- "$@" '-L/usr/local/lib -ldb'
set -- "$@" '-L/usr/lib -lsasl2'
set -- "$@" '-L/usr/local/opt/icu4c/lib -licuuc'
AUXLIBS="$@"
If homebrew also provides OpenSSL 1.1.1a, I'd recommend 1.1.1a over 1.0.2p,
as support for the latter ends in December 2019, while 1.1.1 is the new
long-term stable release, for 5 years starting Sep 2018.
I might be wrong about this, but also I seem to recall seeing OpenSSL
1.1.0 or newer was needed for the Ed25519-sha256 sig support coming in
next OpenDKIM (and already in their Beta2 release).
Probably not a good idea to start signing that way yet but probably is
good idea to be able to validate others who adopt early.
