Finish off support for Certificate Policies extension.

[thirdparty/openssl.git] / INSTALL

 INSTALLATION ON THE UNIX PLATFORM
 ---------------------------------

 [For instructions for compiling OpenSSL on Windows systems, see INSTALL.W32].

 To install OpenSSL, you will need:

  * Perl
  * C compiler
  * A supported Unix operating system

 Quick Start
 -----------

 If you want to just get on with it, do:

  $ ./config                  [if this fails, go to step 1b below]
  $ make
  $ make rehash
  $ make test
  $ make install

 This will build and install OpenSSL in the default location, which is (for
 historical reasons) /usr/local/ssl. If you want to install it anywhere else,
 do this after running `./config':

  $ perl util/ssldir.pl /new/install/path

 There are several options to ./config to customize the build:

  rsaref    Build with RSADSI's RSAREF toolkit.
  no-asm    Build with no assembler code.
  386       Use the 80386 instruction set only (the default x86 code is
            more efficient, but requires at least a 486).

 If anything goes wrong, follow the detailed instructions below. If your
 operating system is not (yet) supported by OpenSSL, see the section on
 porting to a new system.

 Installation in Detail
 ----------------------

 1a. Configure OpenSSL for your operation system automatically:

       $ ./config

     This guesses at your operating system (and compiler, if necessary) and
     configures OpenSSL based on this guess. Check the first line of output to
     see if it guessed correctly. If it did not get it correct or you want to
     use a different compiler then go to step 1b. Otherwise go to step 2.

 1b. Configure OpenSSL for your operating system manually

     OpenSSL knows about a range of different operating system, hardware and
     compiler combinations. To see the ones it knows about, run

       $ ./Configure

     Pick a suitable name from the list that matches your system. For most
     operating systems there is a choice between using "cc" or "gcc".  When
     you have identified your system (and if necessary compiler) use this name
     as the argument to ./Configure. For example, a "linux-elf" user would
     run:

       $ ./Configure linux-elf

     If your system is not available, you will have to edit the Configure
     program and add the correct configuration for your system.

     Configure configures various files by converting an existing .org file
     into the real file. If you edit any files, remember that if a
     corresponding .org file exists them the next time you run ./Configure
     your changes will be lost when the file gets re-created from the .org
     file. The files that are created from .org files are:

       Makefile.ssl
       crypto/des/des.h
       crypto/des/des_locl.h
       crypto/md2/md2.h
       crypto/rc4/rc4.h
       crypto/rc4/rc4_enc.c
       crypto/rc2/rc2.h
       crypto/bf/bf_locl.h
       crypto/idea/idea.h
       crypto/bn/bn.h

  2. Set the install directory

     If the install directory will be the default of /usr/local/ssl, skip to
     the next stage. Otherwise, run

        $ perl util/ssldir.pl /new/install/path

     This configures the installation location into the "install" target of
     the top-level Makefile, and also updates some defines in an include file
     so that the default certificate directory is under the proper
     installation directory. It also updates a few utility files used in the
     build process.

  3. Build OpenSSL by running:

       $ make

     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
     OpenSSL binary ("openssl"). The libraries will be built in the top-level
     directory, and the binary will be in the "apps" directory.

  4. After a successful build, the libraries should be tested. Run:

       $ make rehash
       $ make test

     (The first line makes the test certificates in the "certs" directory
     accessable via an hash name, which is required for some of the tests).

  5. If everything tests ok, install OpenSSL with

       $ make install

     This will create the installation directory (if it does not exist) and
     then create the following subdirectories:

       bin            Contains the openssl binary and a few other 
                      utility programs. 
       include        Contains the header files needed if you want to
                      compile programs with libcrypto or libssl.
       lib            Contains the library files themselves and the
                      OpenSSL configuration file "openssl.cnf".
       certs          Initially empty, this is the default location
                      for certificate files.
       private        Initially empty, this is the default location
                      for private key files.


--------------------------------------------------------------------------------
The orignal Unix build instructions from SSLeay follow. 
Note: some of this may be out of date and no longer applicable
--------------------------------------------------------------------------------

# When bringing the SSLeay distribution back from the evil intel world
# of Windows NT, do the following to make it nice again under unix :-)
# You don't normally need to run this.
sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996

# If you have perl, and it is not in /usr/local/bin, you can run
perl util/perlpath.pl /new/path
# and this will fix the paths in all the scripts.  DO NOT put
# /new/path/perl, just /new/path. The build
# environment always run scripts as 'perl perlscript.pl' but some of the
# 'applications' are easier to usr with the path fixed.

# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
# to set the install locations if you don't like
# the default location of /usr/local/ssl
# Do this by running
perl util/ssldir.pl /new/ssl/home
# if you have perl, or by hand if not.

# If things have been stuffed up with the sym links, run
make -f Makefile.ssl links
# This will re-populate lib/include with symlinks and for each
# directory, link Makefile to Makefile.ssl

# Setup the machine dependent stuff for the top level makefile
# and some select .h files
# If you don't have perl, this will bomb, in which case just edit the
# top level Makefile.ssl
./Configure 'system type'

# The 'Configure' command contains default configuration parameters
# for lots of machines.  Configure edits 5 lines in the top level Makefile
# It modifies the following values in the following files
Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
crypto/des/des.h	DES_LONG
crypto/des/des_locl.h	DES_PTR
crypto/md2/md2.h	MD2_INT
crypto/rc4/rc4.h	RC4_INT
crypto/rc4/rc4_enc.c	RC4_INDEX
crypto/rc2/rc2.h	RC2_INT
crypto/bf/bf_locl.h	BF_INT
crypto/idea/idea.h	IDEA_INT
crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
				  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
				  SIXTEEN_BIT or EIGHT_BIT)
Please remember that all these files are actually copies of the file with
a .org extention.  So if you change crypto/des/des.h, the next time
you run Configure, it will be runover by a 'configured' version of
crypto/des/des.org.  So to make the changer the default, change the .org
files.  The reason these files have to be edited is because most of
these modifications change the size of fundamental data types.
While in theory this stuff is optional, it often makes a big
difference in performance and when using assember, it is importaint
for the 'Bignum bits' match those required by the assember code.
A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
flag to use the hardware multiply instruction which was not present in
earlier versions of the sparc CPU.  I define it by default.  If you
have an old sparc, and it crashes, try rebuilding with this flag
removed.  I am leaving this flag on by default because it makes
things run 4 times faster :-)

# clean out all the old stuff
make clean

# Do a make depend only if you have the makedepend command installed
# This is not needed but it does make things nice when developing.
make depend

# make should build everything
make

# fix up the demo certificate hash directory if it has been stuffed up.
make rehash

# test everything
make test

# install the lot
make install

# It is worth noting that all the applications are built into the one
# program, ssleay, which is then has links from the other programs
# names to it.
# The applicatons can be built by themselves, just don't define the
# 'MONOLITH' flag.  So to build the 'enc' program stand alone,
gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a

# Other useful make options are
make makefile.one
# which generate a 'makefile.one' file which will build the complete
# SSLeay distribution with temp. files in './tmp' and 'installable' files
# in './out'

# Have a look at running
perl util/mk1mf.pl help
# this can be used to generate a single makefile and is about the only
# way to generate makefiles for windows.

# There is actually a final way of building SSLeay.
gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
gcc -O2 -c -Issl -Iinclude ssl/ssl.c
# and you now have the 2 libraries as single object files :-).
# If you want to use the assember code for your particular platform
# (DEC alpha/x86 are the main ones, the other assember is just the
# output from gcc) you will need to link the assember with the above generated
# object file and also do the above compile as
gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c

This last option is probably the best way to go when porting to another
platform or building shared libraries.  It is not good for development so
I don't normally use it.

To build shared libararies under unix, have a look in shlib, basically 
you are on your own, but it is quite easy and all you have to do
is compile 2 (or 3) files.

For mult-threading, have a read of doc/threads.doc.  Again it is quite
easy and normally only requires some extra callbacks to be defined
by the application.
The examples for solaris and windows NT/95 are in the mt directory.

have fun

eric 25-Jun-1997

IRIX 5.x will build as a 32 bit system with mips1 assember.
IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
to n32 standards. In theory you can compile the 64 bit assember under
IRIX 5.x but you will have to have the correct system software installed.