So I've thought about this more and I think the path of least insanity is to tell people to install a package manager and then openssl in the install script.

I'm not exactly happy about this solution. Another option would be to have the install script install homebrew into a user-writable prefix, install openssl there, and then ignore the fact that we've installed homebrew on people's computers :(

Yet another option would be to move the install script to distributing a miniconda-based environment rather than building everything from source.

Any thoughts about these options?

On Sun, Oct 25, 2015 at 12:59 AM, Nathan Goldbaum <nathan12343@gmail.com> wrote:

Hi all,

So the issue with the install script on 10.11 is that Apple no longer includes OpenSSL in the 10.11 SDK.

The way package managers like macports and homebrew deal with this is by installing their own version of OpenSSL. The binary Python.org installers bundle OpenSSL as well. It may be possible to link against a version of OpenSSL included in the SDK for 10.10 (which can be obtained on 10.11), but I suspect that's not a very forward-looking idea and I have no idea under what circumstances the 10.10 SDKs are installed.

One way to fix this would be to ship and build our own versions of OpenSSL along with the install script. I'm very wary about doing this, since I'd prefer not to even think about managing crypto libraries, but it's looking increasingly like we might need to do this here. One way to minimize risk would be to only install OpenSSL on OSX 10.11 and newer.

Anyone have any thoughts here? Going to try to work on this tomorrow as well and it would be great to hear any ideas from the peanut gallery on this one.

-Nathan