1 Installing OpenSSL on Unix
2 --------------------------
4 [For instructions for compiling OpenSSL on Windows systems, see INSTALL.W32].
6 To install OpenSSL, you will need:
10 * A supported operating system
15 If you want to just get on with it, do:
17 sh config [if this fails, go to step 1b below]
23 This will build and install OpenSSL in the default location, which is
24 /usr/local/ssl. If you want to install it anywhere else, do this
25 after running `sh config':
27 perl util/ssldir.pl /new/install/path
29 If anything goes wrong, follow the detailed instructions below. If
30 your operating system is not (yet) supported by OpenSSL, see the
31 section on porting to a new system.
33 Installation in Detail
34 ----------------------
36 1a. Configure OpenSSL for your operation system automatically
42 This guesses at your operating system (and compiler, if
43 necessary) and configures OpenSSL based on this guess. Check the
44 first line of output to see if it guessed correctly. If it did
45 not get it correct or you want to use a different compiler then
46 go to step 1b. Otherwise go to step 2.
48 1b. Configure OpenSSL for your operating system manually
50 OpenSSL knows about a range of different operating system, hardware
51 and compiler combinations. To see the ones it knows about, run
55 Pick a suitable name from the list that matches your system. For
56 most operating systems there is a choice between using "cc" or
59 When you have identified your system (and if necessary compiler)
60 use this name as the argument to ./Configure. For example, a
61 "linux-elf" user would run:
65 If your system is not available, you will have to edit the Configure
66 program and add the correct configuration for your system.
68 Configure configures various files by converting an existing .org
69 file into the real file. If you edit any files, remember that if
70 a corresponding .org file exists them the next time you run
71 ./Configure your changes will be lost when the file gets
72 re-created from the .org file. The files that are created from
86 2. Set the install directory
88 If the install directory will be the default of /usr/local/ssl,
89 skip to the next stage. Otherwise, run
91 perl util/ssldir.pl /new/install/path
93 This configures the installation location into the "install"
94 target of the top-level Makefile, and also updates some defines
95 in an include file so that the default certificate directory is
96 under the proper installation directory. It also updates a few
97 utility files used in the build process.
105 This will build the OpenSSL libraries (libcrypto.a and libssl.a)
106 and the OpenSSL binary ("openssl"). The libraries will be built
107 in the top-level directory, and the binary will be in the "apps"
110 4. After a successful build, the libraries should be tested. Run
115 (The first line makes the test certificates in the "certs"
116 directory accessable via an hash name, which is required for some
119 5. If everything tests ok, install OpenSSL with
123 This will create the installation directory (if it does not
124 exist) and then create the following subdirectories:
126 bin Contains the openssl binary and a few other utility
127 programs. It also contains symbolic links so
128 that openssl commands can be accessed directly
129 (e.g. so that "s_client" can be used instead of
131 certs Initially empty, this is the default location
132 for certificate files.
133 include Contains the header files needed if you want to
134 compile programs with libcrypto or libssl.
135 lib Contains the library files themselves and the
136 OpenSSL configuration file "openssl.cnf".
137 private Initially empty, this is the default location
138 for private key files.
140 ----------------------------------------------------------------------
142 Additional Compilation Notes
143 ----------------------------
145 These notes come from SSLeay 0.9.1 and cover some more advanced
146 facilities (such as building a single makefile for use on Windows
150 # Installation of SSLeay.
151 # It depends on perl for a few bits but those steps can be skipped and
152 # the top level makefile edited by hand
154 # When bringing the SSLeay distribution back from the evil intel world
155 # of Windows NT, do the following to make it nice again under unix :-)
156 # You don't normally need to run this.
157 sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996
159 # If you have perl, and it is not in /usr/local/bin, you can run
160 perl util/perlpath.pl /new/path
161 # and this will fix the paths in all the scripts. DO NOT put
162 # /new/path/perl, just /new/path. The build
163 # environment always run scripts as 'perl perlscript.pl' but some of the
164 # 'applications' are easier to usr with the path fixed.
166 # Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
167 # to set the install locations if you don't like
168 # the default location of /usr/local/ssl
170 perl util/ssldir.pl /new/ssl/home
171 # if you have perl, or by hand if not.
173 # If things have been stuffed up with the sym links, run
174 make -f Makefile.ssl links
175 # This will re-populate lib/include with symlinks and for each
176 # directory, link Makefile to Makefile.ssl
178 # Setup the machine dependent stuff for the top level makefile
179 # and some select .h files
180 # If you don't have perl, this will bomb, in which case just edit the
181 # top level Makefile.ssl
182 ./Configure 'system type'
184 # The 'Configure' command contains default configuration parameters
185 # for lots of machines. Configure edits 5 lines in the top level Makefile
186 # It modifies the following values in the following files
187 Makefile.ssl CC CFLAG EX_LIBS BN_MULW
188 crypto/des/des.h DES_LONG
189 crypto/des/des_locl.h DES_PTR
190 crypto/md2/md2.h MD2_INT
191 crypto/rc4/rc4.h RC4_INT
192 crypto/rc4/rc4_enc.c RC4_INDEX
193 crypto/rc2/rc2.h RC2_INT
194 crypto/bf/bf_locl.h BF_INT
195 crypto/idea/idea.h IDEA_INT
196 crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT,
197 SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
198 SIXTEEN_BIT or EIGHT_BIT)
199 Please remember that all these files are actually copies of the file with
200 a .org extention. So if you change crypto/des/des.h, the next time
201 you run Configure, it will be runover by a 'configured' version of
202 crypto/des/des.org. So to make the changer the default, change the .org
203 files. The reason these files have to be edited is because most of
204 these modifications change the size of fundamental data types.
205 While in theory this stuff is optional, it often makes a big
206 difference in performance and when using assember, it is importaint
207 for the 'Bignum bits' match those required by the assember code.
208 A warning for people using gcc with sparc cpu's. Gcc needs the -mv8
209 flag to use the hardware multiply instruction which was not present in
210 earlier versions of the sparc CPU. I define it by default. If you
211 have an old sparc, and it crashes, try rebuilding with this flag
212 removed. I am leaving this flag on by default because it makes
213 things run 4 times faster :-)
215 # clean out all the old stuff
218 # Do a make depend only if you have the makedepend command installed
219 # This is not needed but it does make things nice when developing.
222 # make should build everything
225 # fix up the demo certificate hash directory if it has been stuffed up.
234 # It is worth noting that all the applications are built into the one
235 # program, ssleay, which is then has links from the other programs
237 # The applicatons can be built by themselves, just don't define the
238 # 'MONOLITH' flag. So to build the 'enc' program stand alone,
239 gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
241 # Other useful make options are
243 # which generate a 'makefile.one' file which will build the complete
244 # SSLeay distribution with temp. files in './tmp' and 'installable' files
247 # Have a look at running
248 perl util/mk1mf.pl help
249 # this can be used to generate a single makefile and is about the only
250 # way to generate makefiles for windows.
252 # There is actually a final way of building SSLeay.
253 gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
254 gcc -O2 -c -Issl -Iinclude ssl/ssl.c
255 # and you now have the 2 libraries as single object files :-).
256 # If you want to use the assember code for your particular platform
257 # (DEC alpha/x86 are the main ones, the other assember is just the
258 # output from gcc) you will need to link the assember with the above generated
259 # object file and also do the above compile as
260 gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
262 This last option is probably the best way to go when porting to another
263 platform or building shared libraries. It is not good for development so
264 I don't normally use it.
266 To build shared libararies under unix, have a look in shlib, basically
267 you are on your own, but it is quite easy and all you have to do
268 is compile 2 (or 3) files.
270 For mult-threading, have a read of doc/threads.doc. Again it is quite
271 easy and normally only requires some extra callbacks to be defined
273 The examples for solaris and windows NT/95 are in the mt directory.
279 IRIX 5.x will build as a 32 bit system with mips1 assember.
280 IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms
281 to n32 standards. In theory you can compile the 64 bit assember under
282 IRIX 5.x but you will have to have the correct system software installed.