INSTALLATION ON THE UNIX PLATFORM
---------------------------------
- [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
- INSTALL.VMS for installing on OpenVMS systems, and INSTALL.MacOS for
- installing on MacOS, but not MacOS X, systems.]
+ [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
+ is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
+ This document describes installation on operating systems in the Unix
+ family.]
To install OpenSSL, you will need:
+ * make
* Perl 5
* an ANSI C compiler
+ * a development environment in form of development libraries and C
+ header files
* a supported Unix operating system
Quick Start
Configuration Options
---------------------
- There are several options to ./config to customize the build:
+ There are several options to ./config (or ./Configure) to customize
+ the build:
--prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
Configuration files used by OpenSSL will be in DIR/ssl
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
the library files and binaries are also installed there.
- rsaref Build with RSADSI's RSAREF toolkit (this assumes that
- librsaref.a is in the library search path).
-
no-threads Don't try to build with support for multi-threaded
applications.
This will usually require additional system-dependent options!
See "Note on multi-threading" below.
+ no-zlib Don't try to build with support for zlib compression and
+ decompression.
+
+ zlib Build with support for zlib compression/decompression.
+
+ zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
+ when needed. This is only supported on systems where loading
+ of shared libraries is supported. This is the default choice.
+
+ no-shared Don't try to create shared libraries.
+
+ shared In addition to the usual static libraries, create shared
+ libraries on platforms where it's supported. See "Note on
+ shared libraries" below.
+
no-asm Do not use assembler code.
386 Use the 80386 instruction set only (the default x86 code is
generic configurations "cc" or "gcc" should usually work on 32 bit
systems.
- Configure creates the file Makefile.ssl from Makefile.org and
+ Configure creates the file Makefile from Makefile.org and
defines various macros in crypto/opensslconf.h (generated from
crypto/opensslconf.h.in).
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
- If "make" fails, please report the problem to <openssl-bugs@openssl.org>
- (note that your message will be forwarded to a public mailing list).
- Include the output of "make report" in your message.
+ If "make" fails, look at the output. There may be reasons for
+ the failure that aren't problems in OpenSSL itself (like missing
+ standard headers). If it is a problem with OpenSSL itself, please
+ report the problem to <openssl-bugs@openssl.org> (note that your
+ message will be recorded in the request tracker publicly readable
+ via http://www.openssl.org/support/rt2.html and will be forwarded to a
+ public mailing list). Include the output of "make report" in your message.
+ Please check out the request tracker. Maybe the bug was already
+ reported or has already been fixed.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]
$ make test
- If a test fails, try removing any compiler optimization flags from
- the CFLAGS line in Makefile.ssl and run "make clean; make". Please
- send a bug report to <openssl-bugs@openssl.org>, including the
- output of "make report".
+ If a test fails, look at the output. There may be reasons for
+ the failure that isn't a problem in OpenSSL itself (like a missing
+ or malfunctioning bc). If it is a problem with OpenSSL itself,
+ try removing any compiler optimization flags from the CFLAG line
+ in Makefile and run "make clean; make". Please send a bug
+ report to <openssl-bugs@openssl.org>, including the output of
+ "make report" in order to be added to the request tracker at
+ http://www.openssl.org/support/rt2.html.
4. If everything tests ok, install OpenSSL with
you can still use "no-threads" to suppress an annoying warning message
from the Configure script.)
+
+ Note on shared libraries
+ ------------------------
+
+ Shared library is currently an experimental feature. The only reason to
+ have them would be to conserve memory on systems where several program
+ are using OpenSSL. Binary backward compatibility can't be guaranteed
+ before OpenSSL version 1.0.
+
+ For some systems, the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl. On these systems,
+ the shared libraries are currently not created by default, but giving
+ the option "shared" will get them created. This method supports Makefile
+ targets for shared library creation, like linux-shared. Those targets
+ can currently be used on their own just as well, but this is expected
+ to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
+
+ Note on support for multiple builds
+ -----------------------------------
+
+ OpenSSL is usually built in it's source tree. Unfortunately, this doesn't
+ support building for multiple platforms from the same source tree very well.
+ It is however possible to build in a separate tree through the use of lots
+ of symbolic links, which should be prepared like this:
+
+ mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+ cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+ (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+ mkdir -p `dirname $F`
+ rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
+ echo $F '->' $OPENSSL_SOURCE/$F
+ done
+ make -f Makefile.org clean
+
+ OPENSSL_SOURCE is an environment variable that contains the absolute (this
+ is important!) path to the OpenSSL source tree.
+
+ Also, operations like 'make update' should still be made in the source tree.