- 
                Notifications
    You must be signed in to change notification settings 
- Fork 5.2k
Stop building System.Security.Cryptography.Native.OpenSsl on macOS #117465
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
| Tagging subscribers to this area: @dotnet/area-infrastructure-libraries | 
| /cc @dotnet/area-system-security. This is a bit cross cutting in terms of area ownership but felt more "infrastructure-y", but something everyone should be aware of nonetheless. | 
| Blocked on #117472. | 
| Closing, because I am blocked, and the fix for blocking is blocked. Will re-open when / if it is feasible. | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR stops building System.Security.Cryptography.Native.OpenSsl on macOS, following the previous removal of OpenSSL support on macOS in #116481. The changes align macOS with other Apple platforms by excluding OpenSSL-related builds and using the Apple-specific cryptography implementation instead.
Key changes:
- Excludes macOS from building OpenSSL cryptography native libraries
- Updates build scripts to skip OpenSSL-related configuration on macOS
- Consolidates Apple platform handling in CMake configurations
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description | 
|---|---|
| src/native/libs/build-native.sh | Adds macOS to platforms that skip OpenSSL native library builds | 
| src/native/libs/System.Security.Cryptography.Native/CMakeLists.txt | Removes macOS-specific OpenSSL configuration and build verification | 
| src/native/libs/CMakeLists.txt | Consolidates Apple platform handling to exclude OpenSSL and use Apple cryptography | 
| src/native/corehost/hostpolicy/hostpolicy_context.cpp | Excludes macOS from OpenSSL DLL import resolution | 
| src/native/corehost/build.sh | Skips OpenSSL-related CMake configuration on macOS | 
| src/native/corehost/apphost/static/CMakeLists.txt | Excludes Apple platforms from OpenSSL static library linking | 
| src/coreclr/nativeaot/BuildIntegration/Microsoft.NETCore.Native.Unix.targets | Updates condition to exclude all Apple platforms from OpenSSL | 
| eng/native/build-commons.sh | Adds macOS to platforms that skip OpenSSL-related setup | 
| docs/workflow/requirements/macos-requirements.md | Removes OpenSSL from macOS build requirements | 
| The Quic-on-MacOS using OpenSSL has been worked around, so this is feasible again. I am suspicious how easy this change was. Are there parts of packaging and installer building that will need to be updated elsewhere? | 
| 
 I think 
 | 
| 
 I saw those, but I don't see them doing anything conditional. Like, libSystem.Security.Cryptography.Native.Apple.dylib is just "there" but clearly we don't build it for Linux or Windows. So I am not sure what an exclusion would look like there, if we had to do anything. | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM apart from one comment about catalyst
| 
 Yeah that list is basically a template which gets processed by https://github.com/dotnet/arcade/blob/4b2bc3e0e6de4355c126b544732481df97900c89/src/Microsoft.DotNet.SharedFramework.Sdk/targets/sharedfx.targets#L269-L272. Nothing to do here. | 
| /ba-g all the failures on non-Apple platforms are unrelated | 
In #116481 we stopped supporting OpenSSL on macOS. This pull request stops building System.Security.Cryptography.Native.OpenSSL on macOS entirely, similarly to what we are doing for other Apple platforms today.