1 Installing OpenSSL on Unix
2 --------------------------
4 [For instructions for compiling OpenSSL on Windows systems, see
7 To install OpenSSL, you will need:
11 * A supported operating system
16 If you want to just get on with it, do:
18 ./Configure Find a match for your system
19 in this output and use it on
22 make -f Makefile.ssl links
28 This will build and install OpenSSL in the default location, which is
29 /usr/local/ssl. If you want to install it anywhere else, do this
30 after running ./Configure <system>:
32 utils/ssldir.pl /new/install/path
34 If anything goes wrong, follow the detailed instructions below. If
35 your operating system is not (yet) supported by OpenSSL, see the
36 section on porting to a new system.
38 Installation in Detail
39 ----------------------
41 1. Configure OpenSSL for your operating system
43 OpenSSL knows about a range of different operating system, hardware
44 and compiler combinations. To see the ones it knows about, run
48 Pick a suitable name from the list that matches your system. For
49 most operating systems there is a choice between using "cc" or
52 When you have identified your system (and if necessary compiler)
53 use this name as the argument to ./Configure. For example, a
54 "linux-elf" user would run:
58 If your system is not available, you will have to edit the Configure
59 program and add the correct configuration for your system.
61 Configure configures various files by converting an existing .org
62 file into the real file. If you edit any files, remember that if
63 a corresponding .org file exists them the next time you run
64 ./Configure your changes will be lost when the file gets
65 re-created from the .org file. The files that are created from
79 2. Set the install directory
81 If the install directory will be the default of /usr/local/ssl,
82 skip to the next stage. Otherwise, run
84 utils/ssldir.pl /new/install/path
86 This configures the installation location into the "install"
87 target of the top-level Makefile, and also updates some defines
88 in an include file so that the default certificate directory is
89 under the proper installation directory. It also updates a few
90 utility files used in the build process.
98 This will build the OpenSSL libraries (libcrypto.a and libssl.a)
99 and the OpenSSL binary ("ssleay"). The libraries will be built
100 in the top-level directory, and the binary will be in the "apps"
103 4. After a successful build, the libraries should be tested. Run
108 (The first line makes the test certificates in the "certs"
109 directory accessable via an hash name, which is required for some
112 5. If everything tests ok, install OpenSSL with
116 This will create the installation directory (if it does not
117 exist) and then create the following subdirectories:
119 bin Contains the ssleay binary and a few other utility
120 programs. It also contains symbolic links so
121 that ssleay commands can be accessed directly
122 (e.g. so that "s_client" can be used instead of
124 certs Initially empty, this is the default location
125 for certificate files.
126 include Contains the header files needed if you want to
127 compile programs with libcrypto or libssl.
128 lib Contains the library files themselves and the
129 OpenSSL configuration file "ssleay.cnf".
130 private Initially empty, this is the default location
131 for private key files.
133 ----------------------------------------------------------------------
135 Additional Compilation Notes
136 ----------------------------
138 These notes come from SSLeay 0.9.1 and cover some more advanced
139 facilities (such as building a single makefile for use on Windows
143 # Installation of SSLeay.
144 # It depends on perl for a few bits but those steps can be skipped and
145 # the top level makefile edited by hand
147 # When bringing the SSLeay distribution back from the evil intel world
148 # of Windows NT, do the following to make it nice again under unix :-)
149 # You don't normally need to run this.
150 sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996
152 # If you have perl, and it is not in /usr/local/bin, you can run
153 perl util/perlpath.pl /new/path
154 # and this will fix the paths in all the scripts. DO NOT put
155 # /new/path/perl, just /new/path. The build
156 # environment always run scripts as 'perl perlscript.pl' but some of the
157 # 'applications' are easier to usr with the path fixed.
159 # Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
160 # to set the install locations if you don't like
161 # the default location of /usr/local/ssl
163 perl util/ssldir.pl /new/ssl/home
164 # if you have perl, or by hand if not.
166 # If things have been stuffed up with the sym links, run
167 make -f Makefile.ssl links
168 # This will re-populate lib/include with symlinks and for each
169 # directory, link Makefile to Makefile.ssl
171 # Setup the machine dependent stuff for the top level makefile
172 # and some select .h files
173 # If you don't have perl, this will bomb, in which case just edit the
174 # top level Makefile.ssl
175 ./Configure 'system type'
177 # The 'Configure' command contains default configuration parameters
178 # for lots of machines. Configure edits 5 lines in the top level Makefile
179 # It modifies the following values in the following files
180 Makefile.ssl CC CFLAG EX_LIBS BN_MULW
181 crypto/des/des.h DES_LONG
182 crypto/des/des_locl.h DES_PTR
183 crypto/md2/md2.h MD2_INT
184 crypto/rc4/rc4.h RC4_INT
185 crypto/rc4/rc4_enc.c RC4_INDEX
186 crypto/rc2/rc2.h RC2_INT
187 crypto/bf/bf_locl.h BF_INT
188 crypto/idea/idea.h IDEA_INT
189 crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT,
190 SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
191 SIXTEEN_BIT or EIGHT_BIT)
192 Please remember that all these files are actually copies of the file with
193 a .org extention. So if you change crypto/des/des.h, the next time
194 you run Configure, it will be runover by a 'configured' version of
195 crypto/des/des.org. So to make the changer the default, change the .org
196 files. The reason these files have to be edited is because most of
197 these modifications change the size of fundamental data types.
198 While in theory this stuff is optional, it often makes a big
199 difference in performance and when using assember, it is importaint
200 for the 'Bignum bits' match those required by the assember code.
201 A warning for people using gcc with sparc cpu's. Gcc needs the -mv8
202 flag to use the hardware multiply instruction which was not present in
203 earlier versions of the sparc CPU. I define it by default. If you
204 have an old sparc, and it crashes, try rebuilding with this flag
205 removed. I am leaving this flag on by default because it makes
206 things run 4 times faster :-)
208 # clean out all the old stuff
211 # Do a make depend only if you have the makedepend command installed
212 # This is not needed but it does make things nice when developing.
215 # make should build everything
218 # fix up the demo certificate hash directory if it has been stuffed up.
227 # It is worth noting that all the applications are built into the one
228 # program, ssleay, which is then has links from the other programs
230 # The applicatons can be built by themselves, just don't define the
231 # 'MONOLITH' flag. So to build the 'enc' program stand alone,
232 gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
234 # Other useful make options are
236 # which generate a 'makefile.one' file which will build the complete
237 # SSLeay distribution with temp. files in './tmp' and 'installable' files
240 # Have a look at running
241 perl util/mk1mf.pl help
242 # this can be used to generate a single makefile and is about the only
243 # way to generate makefiles for windows.
245 # There is actually a final way of building SSLeay.
246 gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
247 gcc -O2 -c -Issl -Iinclude ssl/ssl.c
248 # and you now have the 2 libraries as single object files :-).
249 # If you want to use the assember code for your particular platform
250 # (DEC alpha/x86 are the main ones, the other assember is just the
251 # output from gcc) you will need to link the assember with the above generated
252 # object file and also do the above compile as
253 gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
255 This last option is probably the best way to go when porting to another
256 platform or building shared libraries. It is not good for development so
257 I don't normally use it.
259 To build shared libararies under unix, have a look in shlib, basically
260 you are on your own, but it is quite easy and all you have to do
261 is compile 2 (or 3) files.
263 For mult-threading, have a read of doc/threads.doc. Again it is quite
264 easy and normally only requires some extra callbacks to be defined
266 The examples for solaris and windows NT/95 are in the mt directory.
272 IRIX 5.x will build as a 32 bit system with mips1 assember.
273 IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms
274 to n32 standards. In theory you can compile the 64 bit assember under
275 IRIX 5.x but you will have to have the correct system software installed.