Changes between 1.0.2s and 1.0.2t [xx XXX xxxx]
- *)
+ *) Document issue with installation paths in diverse Windows builds
+
+ '/usr/local/ssl' is an unsafe prefix for location to install OpenSSL
+ binaries and run-time config file.
+ (CVE-2019-1552)
+ [Richard Levitte]
Changes between 1.0.2r and 1.0.2s [28 May 2019]
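Review bot: The new CHANGES entry names the problem ('/usr/local/ssl' is an unsafe prefix) but not the remedy or the scope of the change. The visible hunks only touch documentation, so a reader of this entry alone cannot tell that the default is unchanged and that action is needed on their side. Suggest adding one sentence saying that Windows builders should pass their own --prefix or --openssldir pointing to a location that is not world writable, as the INSTALL text added elsewhere in this patch recommends.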
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again.
- RUN-TIME CAVEAT LECTOR
- --------------
+ CAVEAT LECTOR
+ -------------
+
+ ### Default install and config paths
+
+ ./Configure defaults to '/usr/local/ssl' as installation top. This is
+ suitable for Unix, but not for Windows, where this usually is a world
+ writable directory and therefore accessible for change by untrusted users.
+ It is therefore recommended to set your own --prefix or --openssldir to
+ some location that is not world writeable (see the example above)
+
+ ### Entropy
Quoting FAQ:
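Review bot: The added subheadings '### Default install and config paths' and '### Entropy' use a '###' prefix, while the heading directly above them ('CAVEAT LECTOR' with a dashed underline) uses the underline style, so the file ends up with two heading conventions. Consider keeping one plain-text style throughout. In the same paragraph, 'world writable' and 'world writeable' are both used, and the closing '(see the example above)' has no full stop. The paragraph is repeated verbatim in the other INSTALL hunks, so any fix needs to go into every copy.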
get it all to work. See the trouble shooting section later on for if (when?)
it goes wrong.
+ CAVEAT LECTOR
+ -------------
+
+ ### Default install and config paths
+
+ ./Configure defaults to '/usr/local/ssl' as installation top. This is
+ suitable for Unix, but not for Windows, where this usually is a world
+ writable directory and therefore accessible for change by untrusted users.
+ It is therefore recommended to set your own --prefix or --openssldir to
+ some location that is not world writeable (see the example above)
+
Visual C++
----------
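Review bot: The '(see the example above)' pointer at the end of the added paragraph has nothing to point at in this hunk. The section is inserted before the 'Visual C++' heading, while the Configure lines that gain --prefix=c:\some\openssl\dir appear in the hunks that follow. If those hunks belong to this same file, the pointer should say 'below', or the paragraph could carry its own one-line Configure example so that it stands alone.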
---------------------
* Configure for building with Borland Builder:
- > perl Configure BC-32
+ > perl Configure BC-32 --prefix=c:\some\openssl\dir
* Create the appropriate makefile
> ms\do_nasm
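Review bot: The updated Configure line shows only --prefix, while the caveat text recommends '--prefix or --openssldir' and the CHANGES entry names the run-time config file as part of the exposure. Nothing in the added documentation says whether setting --prefix alone also moves the config directory. Suggest stating that explicitly next to the examples, or showing --openssldir in at least one of them.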
* Compile OpenSSL:
- $ ./config
+ $ ./config --prefix=c:/some/openssl/dir
[...]
$ make
[...]
and openssl.exe application in apps directory.
It is also possible to cross-compile it on Linux by configuring
- with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
+ like this:
+
+ $ ./Configure --cross-compile-prefix=i386-mingw32- \
+ --prefix=c:/some/openssl/dir mingw ...
+
'make test' is naturally not applicable then.
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
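Review bot: The new cross-compile example passes a Windows-style path (--prefix=c:/some/openssl/dir) to a Configure run on Linux, and the surrounding text does not say how that path is meant. A short remark that the prefix is the location the binaries and config file will use on the target Windows system, not a directory on the build host, would avoid readers substituting a Linux path and keeping the unsafe default behaviour on Windows.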
$ copy /b out32dll\libeay32.dll c:\openssl\bin
$ copy /b out32dll\openssl.exe c:\openssl\bin
+ ("c:\openssl" should be whatever you specified to --prefix when
+ configuring the build)
+
Of course, you can choose another device than c:. C: is used here
because that's usually the first (and often only) harddisk device.
Note: in the modssl INSTALL.Win32, p: is used rather than c:.
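Review bot: The added parenthetical tells readers to substitute their --prefix for 'c:\openssl', but the copy commands above it still hard-code c:\openssl\bin while every Configure example in this patch uses c:\some\openssl\dir. Using the same placeholder in the copy commands and the Configure examples would make the parenthetical unnecessary. Because these are manual copies, it is also worth repeating here that the destination must not be world writable.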
Neither of these is actually big deal and hardly encountered
in real-life applications.
+ ### Default install and config paths
+
+ ./Configure defaults to '/usr/local/ssl' as installation top. This is
+ suitable for Unix, but not for Windows, where this usually is a world
+ writable directory and therefore accessible for change by untrusted users.
+ It is therefore recommended to set your own --prefix or --openssldir to
+ some location that is not world writeable (see the example above)
+
Compiling procedure
-------------------
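Review bot: Unlike the other INSTALL hunks, this one adds the '### Default install and config paths' block without a 'CAVEAT LECTOR' heading line, directly after existing text that ends 'hardly encountered in real-life applications.' Please confirm that the block sits under an existing caveat heading in this file, and consider separating it clearly from the preceding sentence so that the 'hardly encountered' wording is not read as applying to the install path issue.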
To build for Win64/x64:
- > perl Configure VC-WIN64A
+ > perl Configure VC-WIN64A --prefix=c:\some\openssl\dir
> ms\do_win64a
> nmake -f ms\ntdll.mak
> cd out32dll
To build for Win64/IA64:
- > perl Configure VC-WIN64I
+ > perl Configure VC-WIN64I --prefix=c:\some\openssl\dir
> ms\do_win64i
> nmake -f ms\ntdll.mak
> cd out32dll
redirects IO to active sync link, while PortSDK - to NT-like console
driver on the handheld itself.
+ CAVEAT LECTOR
+ -------------
+
+ ### Default install and config paths
+
+ ./Configure defaults to '/usr/local/ssl' as installation top. This is
+ suitable for Unix, but not for Windows, where this usually is a world
+ writable directory and therefore accessible for change by untrusted users.
+ It is therefore recommended to set your own --prefix or --openssldir to
+ some location that is not world writeable (see the example above)
+
Building
--------
Next you should run Configure:
- > perl Configure VC-CE
+ > perl Configure VC-CE --prefix=c:\some\openssl\dir
Next you need to build the Makefiles: