275 lines
9.8 KiB
Text
275 lines
9.8 KiB
Text
Installing OpenSSL on Unix
|
|
--------------------------
|
|
|
|
[For instructions for compiling OpenSSL on Windows systems, see
|
|
INSTALL.W32].
|
|
|
|
To install OpenSSL, you will need:
|
|
|
|
* Perl
|
|
* C compiler
|
|
* A supported operating system
|
|
|
|
Quick Start
|
|
-----------
|
|
|
|
If you want to just get on with it, do:
|
|
|
|
./Configure Find a match for your system
|
|
in this output and use it on
|
|
the next line
|
|
./Configure <system>
|
|
make -f Makefile.ssl links
|
|
make
|
|
make rehash
|
|
make test
|
|
make install
|
|
|
|
This will build and install OpenSSL in the default location, which is
|
|
/usr/local/ssl. If you want to install it anywhere else, do this
|
|
after running ./Configure <system>:
|
|
|
|
utils/ssldir.pl /new/install/path
|
|
|
|
If anything goes wrong, follow the detailed instructions below. If
|
|
your operating system is not (yet) supported by OpenSSL, see the
|
|
section on porting to a new system.
|
|
|
|
Installation in Detail
|
|
----------------------
|
|
|
|
1. Configure OpenSSL for your operating system
|
|
|
|
OpenSSL knows about a range of different operating system, hardware
|
|
and compiler combinations. To see the ones it knows about, run
|
|
|
|
./Configure
|
|
|
|
Pick a suitable name from the list that matches your system. For
|
|
most operating systems there is a choice between using "cc" or
|
|
"gcc".
|
|
|
|
When you have identified your system (and if necessary compiler)
|
|
use this name as the argument to ./Configure. For example, a
|
|
"linux-elf" user would run:
|
|
|
|
./Configure linux-elf
|
|
|
|
If your system is not available, you will have to edit the Configure
|
|
program and add the correct configuration for your system.
|
|
|
|
Configure configures various files by converting an existing .org
|
|
file into the real file. If you edit any files, remember that if
|
|
a corresponding .org file exists them the next time you run
|
|
./Configure your changes will be lost when the file gets
|
|
re-created from the .org file. The files that are created from
|
|
.org files are:
|
|
|
|
Makefile.ssl
|
|
crypto/des/des.h
|
|
crypto/des/des_locl.h
|
|
crypto/md2/md2.h
|
|
crypto/rc4/rc4.h
|
|
crypto/rc4/rc4_enc.c
|
|
crypto/rc2/rc2.h
|
|
crypto/bf/bf_locl.h
|
|
crypto/idea/idea.h
|
|
crypto/bn/bn.h
|
|
|
|
2. Set the install directory
|
|
|
|
If the install directory will be the default of /usr/local/ssl,
|
|
skip to the next stage. Otherwise, run
|
|
|
|
utils/ssldir.pl /new/install/path
|
|
|
|
This configures the installation location into the "install"
|
|
target of the top-level Makefile, and also updates some defines
|
|
in an include file so that the default certificate directory is
|
|
under the proper installation directory. It also updates a few
|
|
utility files used in the build process.
|
|
|
|
3. Build OpenSSL
|
|
|
|
Now run
|
|
|
|
make
|
|
|
|
This will build the OpenSSL libraries (libcrypto.a and libssl.a)
|
|
and the OpenSSL binary ("ssleay"). The libraries will be built
|
|
in the top-level directory, and the binary will be in the "apps"
|
|
directory.
|
|
|
|
4. After a successful build, the libraries should be tested. Run
|
|
|
|
make rehash
|
|
make test
|
|
|
|
(The first line makes the test certificates in the "certs"
|
|
directory accessable via an hash name, which is required for some
|
|
of the tests).
|
|
|
|
5. If everything tests ok, install OpenSSL with
|
|
|
|
make install
|
|
|
|
This will create the installation directory (if it does not
|
|
exist) and then create the following subdirectories:
|
|
|
|
bin Contains the ssleay binary and a few other utility
|
|
programs. It also contains symbolic links so
|
|
that ssleay commands can be accessed directly
|
|
(e.g. so that "s_client" can be used instead of
|
|
"ssleay s_client").
|
|
certs Initially empty, this is the default location
|
|
for certificate files.
|
|
include Contains the header files needed if you want to
|
|
compile programs with libcrypto or libssl.
|
|
lib Contains the library files themselves and the
|
|
OpenSSL configuration file "ssleay.cnf".
|
|
private Initially empty, this is the default location
|
|
for private key files.
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
Additional Compilation Notes
|
|
----------------------------
|
|
|
|
These notes come from SSLeay 0.9.1 and cover some more advanced
|
|
facilities (such as building a single makefile for use on Windows
|
|
systems).
|
|
|
|
|
|
# Installation of SSLeay.
|
|
# It depends on perl for a few bits but those steps can be skipped and
|
|
# the top level makefile edited by hand
|
|
|
|
# When bringing the SSLeay distribution back from the evil intel world
|
|
# of Windows NT, do the following to make it nice again under unix :-)
|
|
# You don't normally need to run this.
|
|
sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996
|
|
|
|
# If you have perl, and it is not in /usr/local/bin, you can run
|
|
perl util/perlpath.pl /new/path
|
|
# and this will fix the paths in all the scripts. DO NOT put
|
|
# /new/path/perl, just /new/path. The build
|
|
# environment always run scripts as 'perl perlscript.pl' but some of the
|
|
# 'applications' are easier to usr with the path fixed.
|
|
|
|
# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
|
|
# to set the install locations if you don't like
|
|
# the default location of /usr/local/ssl
|
|
# Do this by running
|
|
perl util/ssldir.pl /new/ssl/home
|
|
# if you have perl, or by hand if not.
|
|
|
|
# If things have been stuffed up with the sym links, run
|
|
make -f Makefile.ssl links
|
|
# This will re-populate lib/include with symlinks and for each
|
|
# directory, link Makefile to Makefile.ssl
|
|
|
|
# Setup the machine dependent stuff for the top level makefile
|
|
# and some select .h files
|
|
# If you don't have perl, this will bomb, in which case just edit the
|
|
# top level Makefile.ssl
|
|
./Configure 'system type'
|
|
|
|
# The 'Configure' command contains default configuration parameters
|
|
# for lots of machines. Configure edits 5 lines in the top level Makefile
|
|
# It modifies the following values in the following files
|
|
Makefile.ssl CC CFLAG EX_LIBS BN_MULW
|
|
crypto/des/des.h DES_LONG
|
|
crypto/des/des_locl.h DES_PTR
|
|
crypto/md2/md2.h MD2_INT
|
|
crypto/rc4/rc4.h RC4_INT
|
|
crypto/rc4/rc4_enc.c RC4_INDEX
|
|
crypto/rc2/rc2.h RC2_INT
|
|
crypto/bf/bf_locl.h BF_INT
|
|
crypto/idea/idea.h IDEA_INT
|
|
crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT,
|
|
SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
|
|
SIXTEEN_BIT or EIGHT_BIT)
|
|
Please remember that all these files are actually copies of the file with
|
|
a .org extention. So if you change crypto/des/des.h, the next time
|
|
you run Configure, it will be runover by a 'configured' version of
|
|
crypto/des/des.org. So to make the changer the default, change the .org
|
|
files. The reason these files have to be edited is because most of
|
|
these modifications change the size of fundamental data types.
|
|
While in theory this stuff is optional, it often makes a big
|
|
difference in performance and when using assember, it is importaint
|
|
for the 'Bignum bits' match those required by the assember code.
|
|
A warning for people using gcc with sparc cpu's. Gcc needs the -mv8
|
|
flag to use the hardware multiply instruction which was not present in
|
|
earlier versions of the sparc CPU. I define it by default. If you
|
|
have an old sparc, and it crashes, try rebuilding with this flag
|
|
removed. I am leaving this flag on by default because it makes
|
|
things run 4 times faster :-)
|
|
|
|
# clean out all the old stuff
|
|
make clean
|
|
|
|
# Do a make depend only if you have the makedepend command installed
|
|
# This is not needed but it does make things nice when developing.
|
|
make depend
|
|
|
|
# make should build everything
|
|
make
|
|
|
|
# fix up the demo certificate hash directory if it has been stuffed up.
|
|
make rehash
|
|
|
|
# test everything
|
|
make test
|
|
|
|
# install the lot
|
|
make install
|
|
|
|
# It is worth noting that all the applications are built into the one
|
|
# program, ssleay, which is then has links from the other programs
|
|
# names to it.
|
|
# The applicatons can be built by themselves, just don't define the
|
|
# 'MONOLITH' flag. So to build the 'enc' program stand alone,
|
|
gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
|
|
|
|
# Other useful make options are
|
|
make makefile.one
|
|
# which generate a 'makefile.one' file which will build the complete
|
|
# SSLeay distribution with temp. files in './tmp' and 'installable' files
|
|
# in './out'
|
|
|
|
# Have a look at running
|
|
perl util/mk1mf.pl help
|
|
# this can be used to generate a single makefile and is about the only
|
|
# way to generate makefiles for windows.
|
|
|
|
# There is actually a final way of building SSLeay.
|
|
gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
|
|
gcc -O2 -c -Issl -Iinclude ssl/ssl.c
|
|
# and you now have the 2 libraries as single object files :-).
|
|
# If you want to use the assember code for your particular platform
|
|
# (DEC alpha/x86 are the main ones, the other assember is just the
|
|
# output from gcc) you will need to link the assember with the above generated
|
|
# object file and also do the above compile as
|
|
gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
|
|
|
|
This last option is probably the best way to go when porting to another
|
|
platform or building shared libraries. It is not good for development so
|
|
I don't normally use it.
|
|
|
|
To build shared libararies under unix, have a look in shlib, basically
|
|
you are on your own, but it is quite easy and all you have to do
|
|
is compile 2 (or 3) files.
|
|
|
|
For mult-threading, have a read of doc/threads.doc. Again it is quite
|
|
easy and normally only requires some extra callbacks to be defined
|
|
by the application.
|
|
The examples for solaris and windows NT/95 are in the mt directory.
|
|
|
|
have fun
|
|
|
|
eric 25-Jun-1997
|
|
|
|
IRIX 5.x will build as a 32 bit system with mips1 assember.
|
|
IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms
|
|
to n32 standards. In theory you can compile the 64 bit assember under
|
|
IRIX 5.x but you will have to have the correct system software installed.
|