INSTALLATION ON THE UNIX PLATFORM
---------------------------------

[See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
 and INSTALL.VMS for installing on OpenVMS systems.]

To install OpenSSL, you will need:

  * Perl 5
  * an ANSI C compiler
  * a supported Unix operating system

Quick Start
-----------

If you want to just get on with it, do:

  $ ./config
  $ make
  $ make test
  $ make install

[If any of these steps fails, see section Installation in Detail below.]

This will build and install OpenSSL in the default location, which is (for
historical reasons) /usr/local/ssl. If you want to install it anywhere else,
run config like this:

  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl

Configuration Options
---------------------

There are several options to ./config to customize the build:

  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
                Configuration files used by OpenSSL will be in DIR/ssl
                or the directory specified by --openssldir.

  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
                the library files and binaries are also installed there.

  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
                librsaref.a is in the library search path).

  no-threads    Don't try to build with support for multi-threaded
                applications.

  threads       Build with support for multi-threaded applications.
                This will usually require additional system-dependent options!
                See "Note on multi-threading" below.

  no-asm        Do not use assembler code.

  386           Use the 80386 instruction set only (the default x86 code is
                more efficient, but requires at least a 486).

  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
                The crypto/<cipher> directory can be removed after running
                "make depend".

  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
                be passed through to the compiler to allow you to
                define preprocessor symbols, specify additional libraries,
                library directories or other compiler options.

Installation in Detail
----------------------

 1a. Configure OpenSSL for your operating system automatically:

       $ ./config [options]

     This guesses at your operating system (and compiler, if necessary) and
     configures OpenSSL based on this guess. Run ./config -t to see
     if it guessed correctly. If it did not get it correct or you want to
     use a different compiler then go to step 1b. Otherwise go to step 2.

     On some systems, you can include debugging information as follows:

       $ ./config -d [options]

 1b. Configure OpenSSL for your operating system manually

     OpenSSL knows about a range of different operating system, hardware and
     compiler combinations. To see the ones it knows about, run

       $ ./Configure

     Pick a suitable name from the list that matches your system. For most
     operating systems there is a choice between using "cc" or "gcc". When
     you have identified your system (and if necessary compiler) use this name
     as the argument to ./Configure. For example, a "linux-elf" user would
     run:

       $ ./Configure linux-elf [options]

     If your system is not available, you will have to edit the Configure
     program and add the correct configuration for your system. The
     generic configurations "cc" or "gcc" should usually work.

     Configure creates the file Makefile.ssl from Makefile.org and
     defines various macros in crypto/opensslconf.h (generated from
     crypto/opensslconf.h.in).

  2. Build OpenSSL by running:

       $ make

     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
     OpenSSL binary ("openssl"). The libraries will be built in the top-level
     directory, and the binary will be in the "apps" directory.

     If "make" fails, please report the problem to <openssl-bugs@openssl.org>.
     Include the output of "./config -t" and the OpenSSL version
     number in your message.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix. Note that on Solaris x86
     (not on Sparcs!) you may have to install the GNU assembler to use
     OpenSSL assembler code -- /usr/ccs/bin/as won't do.]

     Compiling parts of OpenSSL with gcc and others with the system
     compiler will result in unresolved symbols on some systems.

  3. After a successful build, the libraries should be tested. Run:

       $ make test

     If a test fails, try removing any compiler optimization flags from
     the CFLAGS line in Makefile.ssl and run "make clean; make". Please
     send a bug report to <openssl-bugs@openssl.org>, including the
     output of "openssl version -a" and of the failed test.

  4. If everything tests ok, install OpenSSL with

       $ make install

     This will create the installation directory (if it does not exist) and
     then the following subdirectories:

       certs           Initially empty, this is the default location
                       for certificate files.
       misc            Various scripts.
       private         Initially empty, this is the default location
                       for private key files.

     If you didn't choose a different installation prefix, the
     following additional subdirectories will be created:

       bin             Contains the openssl binary and a few other
                       utility programs.
       include/openssl Contains the header files needed if you want to
                       compile programs with libcrypto or libssl.
       lib             Contains the OpenSSL library files themselves.

     Package builders who want to configure the library for standard
     locations, but have the package installed somewhere else so that
     it can easily be packaged, can use

       $ make INSTALL_PREFIX=/tmp/package-root install

     (or specify "--install_prefix=/tmp/package-root" as a configure
     option). The specified prefix will be prepended to all
     installation target filenames.

  NOTE: The header files used to reside directly in the include
  directory, but have now been moved to include/openssl so that
  OpenSSL can co-exist with other libraries which use some of the
  same filenames. This means that applications that use OpenSSL
  should now use C preprocessor directives of the form

       #include <openssl/ssl.h>

  instead of "#include <ssl.h>", which was used with library versions
  up to OpenSSL 0.9.2b.

  If you install a new version of OpenSSL over an old library version,
  you should delete the old header files in the include directory.

  Compatibility issues:

  *  COMPILING existing applications

     To compile an application that uses old filenames -- e.g.
     "#include <ssl.h>" --, it will usually be enough to find
     the CFLAGS definition in the application's Makefile and
     add a C option such as

          -I/usr/local/ssl/include/openssl

     to it.

     But don't delete the existing -I option that points to
     the ..../include directory! Otherwise, OpenSSL header files
     could not #include each other.

  *  WRITING applications

     To write an application that is able to handle both the new
     and the old directory layout, so that it can still be compiled
     with library versions up to OpenSSL 0.9.2b without bothering
     the user, you can proceed as follows:

     -  Always use the new filename of OpenSSL header files,
        e.g. #include <openssl/ssl.h>.

     -  Create a directory "incl" that contains only a symbolic
        link named "openssl", which points to the "include" directory
        of OpenSSL.
        For example, your application's Makefile might contain the
        following rule, if OPENSSLDIR is a pathname (absolute or
        relative) of the directory where OpenSSL resides:

        incl/openssl:
        	-mkdir incl
        	cd $(OPENSSLDIR) # Check whether the directory really exists
        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl

        You will have to add "incl/openssl" to the dependencies
        of those C files that include some OpenSSL header file.

     -  Add "-Iincl" to your CFLAGS.

     With these additions, the OpenSSL header files will be available
     under both name variants if an old library version is used:
     Your application can reach them under names like <openssl/foo.h>,
     while the header files still are able to #include each other
     with names of the form <foo.h>.

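The note in step 4 says to delete the old header files in the include
directory after installing over an older library version. The script below
is an added example, not part of the OpenSSL distribution, that lists such
leftovers; the function names and the sample tree are constructed for
illustration.

```shell
#!/bin/sh
# Added example (not from the OpenSSL distribution): report headers left
# directly in PREFIX/include that have the same name as a header in
# PREFIX/include/openssl. These are candidates for leftovers of the old
# layout, where applications used "#include <ssl.h>".

# find_stale_headers PREFIX
#   Prints "identical PATH" or "differs PATH" for every leftover header.
#   Returns 2 if PREFIX/include/openssl does not exist.
find_stale_headers() {
    prefix=$1
    [ -d "$prefix/include/openssl" ] || return 2
    for new in "$prefix"/include/openssl/*.h; do
        [ -f "$new" ] || continue            # glob matched nothing
        old="$prefix/include/${new##*/}"     # same filename, old location
        [ -f "$old" ] || continue            # no old-layout copy present
        if cmp -s "$old" "$new"; then
            printf 'identical %s\n' "$old"   # duplicate of the new header
        else
            printf 'differs %s\n' "$old"     # content from another version
        fi
    done
    return 0
}

# make_sample_tree DIR
#   Constructed sample: an upgrade that left old headers behind.
make_sample_tree() {
    mkdir -p "$1/include/openssl"
    echo '/* new ssl.h */'    > "$1/include/openssl/ssl.h"
    echo '/* new crypto.h */' > "$1/include/openssl/crypto.h"
    echo '/* new bn.h */'     > "$1/include/openssl/bn.h"
    echo '/* old ssl.h */'    > "$1/include/ssl.h"     # stale, differs
    echo '/* new crypto.h */' > "$1/include/crypto.h"  # stale duplicate
    echo '/* unrelated */'    > "$1/include/zlib.h"    # other library, ignored
}

# Against a real install in the default location from this document:
#   find_stale_headers /usr/local/ssl
```

A "differs" line is the case that matters most: an application compiled
with "-I.../include" would pick up declarations that no longer match the
installed library.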

Note on multi-threading
-----------------------

For some systems, the OpenSSL Configure script knows what compiler options
are needed to generate a library that is suitable for multi-threaded
applications. On these systems, support for multi-threading is enabled
by default; use the "no-threads" option to disable (this should never be
necessary).

On other systems, to enable support for multi-threading, you will have
to specify at least two options: "threads", and a system-dependent option.
(The latter is "-D_REENTRANT" on various systems.) The default in this
case, obviously, is not to include support for multi-threading (but
you can still use "no-threads" to suppress an annoying warning message
from the Configure script.)

--------------------------------------------------------------------------------
The original Unix build instructions from SSLeay follow.
Note: some of this may be out of date and no longer applicable
--------------------------------------------------------------------------------

# When bringing the SSLeay distribution back from the evil intel world
# of Windows NT, do the following to make it nice again under unix :-)
# You don't normally need to run this.
sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996

# If you have perl, and it is not in /usr/local/bin, you can run
perl util/perlpath.pl /new/path
# and this will fix the paths in all the scripts. DO NOT put
# /new/path/perl, just /new/path. The build
# environment always runs scripts as 'perl perlscript.pl' but some of the
# 'applications' are easier to use with the path fixed.

# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
# to set the install locations if you don't like
# the default location of /usr/local/ssl
# Do this by running
perl util/ssldir.pl /new/ssl/home
# if you have perl, or by hand if not.

# If things have been stuffed up with the sym links, run
make -f Makefile.ssl links
# This will re-populate lib/include with symlinks and for each
# directory, link Makefile to Makefile.ssl

# Setup the machine dependent stuff for the top level makefile
# and some select .h files
# If you don't have perl, this will bomb, in which case just edit the
# top level Makefile.ssl
./Configure 'system type'

# The 'Configure' command contains default configuration parameters
# for lots of machines. Configure edits 5 lines in the top level Makefile
# It modifies the following values in the following files
Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
crypto/des/des.h	DES_LONG
crypto/des/des_locl.h	DES_PTR
crypto/md2/md2.h	MD2_INT
crypto/rc4/rc4.h	RC4_INT
crypto/rc4/rc4_enc.c	RC4_INDEX
crypto/rc2/rc2.h	RC2_INT
crypto/bf/bf_locl.h	BF_INT
crypto/idea/idea.h	IDEA_INT
crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
			SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
			SIXTEEN_BIT or EIGHT_BIT)
Please remember that all these files are actually copies of the file with
a .org extension. So if you change crypto/des/des.h, the next time
you run Configure, it will be run over by a 'configured' version of
crypto/des/des.org. So to make the change the default, change the .org
files. The reason these files have to be edited is because most of
these modifications change the size of fundamental data types.
While in theory this stuff is optional, it often makes a big
difference in performance and when using assembler, it is important
that the 'Bignum bits' match those required by the assembler code.
A warning for people using gcc with sparc cpu's. Gcc needs the -mv8
flag to use the hardware multiply instruction which was not present in
earlier versions of the sparc CPU. I define it by default. If you
have an old sparc, and it crashes, try rebuilding with this flag
removed. I am leaving this flag on by default because it makes
things run 4 times faster :-)

# clean out all the old stuff
make clean

# Do a make depend only if you have the makedepend command installed
# This is not needed but it does make things nice when developing.
make depend

# make should build everything
make

# fix up the demo certificate hash directory if it has been stuffed up.
make rehash

# test everything
make test

# install the lot
make install

# It is worth noting that all the applications are built into the one
# program, ssleay, which then has links from the other programs'
# names to it.
# The applications can be built by themselves, just don't define the
# 'MONOLITH' flag. So to build the 'enc' program stand alone,
gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a

# Other useful make options are
make makefile.one
# which generate a 'makefile.one' file which will build the complete
# SSLeay distribution with temp. files in './tmp' and 'installable' files
# in './out'

# Have a look at running
perl util/mk1mf.pl help
# this can be used to generate a single makefile and is about the only
# way to generate makefiles for windows.

# There is actually a final way of building SSLeay.
gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
gcc -O2 -c -Issl -Iinclude ssl/ssl.c
# and you now have the 2 libraries as single object files :-).
# If you want to use the assembler code for your particular platform
# (DEC alpha/x86 are the main ones, the other assembler is just the
# output from gcc) you will need to link the assembler with the above generated
# object file and also do the above compile as
gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c

This last option is probably the best way to go when porting to another
platform or building shared libraries. It is not good for development so
I don't normally use it.

To build shared libraries under unix, have a look in shlib, basically
you are on your own, but it is quite easy and all you have to do
is compile 2 (or 3) files.

For multi-threading, have a read of doc/threads.doc. Again it is quite
easy and normally only requires some extra callbacks to be defined
by the application.
The examples for solaris and windows NT/95 are in the mt directory.

have fun

eric 25-Jun-1997

IRIX 5.x will build as a 32 bit system with mips1 assembler.
IRIX 6.x will build as a 64 bit system with mips3 assembler. It conforms
to n32 standards. In theory you can compile the 64 bit assembler under
IRIX 5.x but you will have to have the correct system software installed.