Homebrew refusing to link OpenSSL
This is what worked for me:
brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/bin/openssl
Thanks to @dorlandode on this thread https://github.com/Homebrew/brew/pull/597
NB: I only used this as a temporary fix until I could spend time correctly installing Openssl again from scratch. As I remember I spent best part of a day debugging and having issues before I realised the best way was to manually install the certs I needed one by one. Please read the link in @bouke's comment before attempting this.
None of these solutions worked for me on OS X El Capitan 10.11.6. Probably because OS X has a native version of openssl that it believes is superior, and as such, does not like tampering.
So, I took the high road and started fresh...
Manually install and symlink
cd /usr/local/src
If you're getting "No such file or directory", make it:
cd /usr/local && mkdir src && cd src
Download openssl:
curl --remote-name https://www.openssl.org/source/openssl-1.0.2h.tar.gz
Extract and cd in:
tar -xzvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
Compile and install:
./configure darwin64-x86_64-cc --prefix=/usr/local/openssl-1.0.2h shared
make depend
make
make install
Now symlink OS X's openssl to your new and updated openssl:
ln -s /usr/local/openssl-1.0.2h/bin/openssl /usr/local/bin/openssl
Close terminal, open a new session, and verify OS X is using your new openssl:
openssl version -a
As the update to the other answer suggests, the workaround of installing the old openssl101 brew will no longer work. For a right-now workaround, see this comment on dotnet/cli#3964.
The most relevant part of the issue copied here:
I looked into the other option that was suggested for setting the rpath on the library. I think the following is a better solution that will only effect this specific library.
sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dyliband/or if you have NETCore 1.0.1 installed perform the same command for 1.0.1 as well:
sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.dylibIn effect, rather than telling the operating system to always use the homebrew version of SSL and potentially causing something to break, we're telling dotnet how to find the correct library.
Also importantly, it looks like Microsoft are aware of the issue and and have both a) a somewhat immediate plan to mitigate as well as b) a long-term solution (probaby bundling OpenSSL with dotnet).
Another thing to note: /usr/local/opt/openssl/lib is where the brew is linked by default:
13:22 $ ls -l /usr/local/opt/openssl
lrwxr-xr-x 1 ben admin 26 May 15 14:22 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2h_1
If for whatever reason you install the brew and link it in a different location, then that path is the one you should use as an rpath.
Once you've update the rpath of the System.Security.Cryptography.Native.dylib libray, you'll need to restart your interactive session (i.e., close your console and start another one).