]>
Commit | Line | Data |
---|---|---|
79e259e3 | 1 | |
d5957691 MC |
2 | OPENSSL INSTALLATION |
3 | -------------------- | |
79e259e3 | 4 | |
1fbab1dc RS |
5 | [This document describes installation on the main supported operating |
6 | systems, currently the Linux/Unix family, OpenVMS and Windows. | |
7 | Installation on DOS (with djgpp), MacOS (before MacOS X) | |
8 | is described in INSTALL.DJGPP or INSTALL.MacOS, respectively.] | |
4109b97c RE |
9 | |
10 | To install OpenSSL, you will need: | |
79e259e3 | 11 | |
d57d85ff | 12 | * make |
d36ab9ce RL |
13 | * Perl 5 with core modules (please read README.PERL) |
14 | * The perl module Text::Template (please read README.PERL) | |
73bfb9ad | 15 | * an ANSI C compiler |
d5957691 | 16 | * a development environment in the form of development libraries and C |
d57d85ff | 17 | header files |
2acd8ec7 RL |
18 | * a supported operating system |
19 | ||
84f4f0bd RL |
20 | For additional platform specific requirements and other details, |
21 | please read one of these: | |
2acd8ec7 | 22 | |
b32b8961 RL |
23 | * NOTES.VMS (OpenVMS) |
24 | * NOTES.WIN (any Windows except for Windows CE) | |
79e259e3 | 25 | |
4109b97c RE |
26 | Quick Start |
27 | ----------- | |
79e259e3 | 28 | |
4109b97c | 29 | If you want to just get on with it, do: |
79e259e3 | 30 | |
2acd8ec7 RL |
31 | on Unix: |
32 | ||
33 | $ ./config | |
34 | $ make | |
35 | $ make test | |
36 | $ make install | |
37 | ||
38 | on OpenVMS: | |
39 | ||
40 | $ @config | |
41 | $ mms | |
42 | $ mms test | |
43 | $ mms install | |
79e259e3 | 44 | |
b32b8961 RL |
45 | on Windows (only pick one of the targets for configuration): |
46 | ||
47 | $ perl Configure { VC-WIN32 | VC-WIN64A | VC-WIN64I | VC-CE } | |
48 | $ nmake | |
49 | $ nmake test | |
8c16829e | 50 | $ nmake install |
b32b8961 | 51 | |
d872c55c | 52 | [If any of these steps fails, see section Installation in Detail below.] |
b1fe6b43 | 53 | |
2acd8ec7 RL |
54 | This will build and install OpenSSL in the default location, which is: |
55 | ||
56 | Unix: normal installation directories under /usr/local | |
57 | OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the | |
667c6bfe RL |
58 | OpenSSL version number with underscores instead of periods. |
59 | Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL | |
2acd8ec7 RL |
60 | |
61 | If you want to install it anywhere else, run config like this: | |
79e259e3 | 62 | |
2acd8ec7 RL |
63 | On Unix: |
64 | ||
65 | $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl | |
66 | ||
67 | On OpenVMS: | |
68 | ||
69 | $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] | |
79e259e3 | 70 | |
b1fe6b43 UM |
71 | |
72 | Configuration Options | |
73 | --------------------- | |
74 | ||
2d99cee7 | 75 | There are several options to ./config (or ./Configure) to customize |
8c16829e RL |
76 | the build (note that for Windows, the defaults for --prefix and |
77 | --openssldir depend in what configuration is used and what Windows | |
78 | implementation OpenSSL is built on. More notes on this in NOTES.WIN): | |
2613c1fa | 79 | |
ecabf05e MC |
80 | --prefix=DIR |
81 | The top of the installation directory tree. Defaults are: | |
462ba4f6 | 82 | |
d5957691 | 83 | Unix: /usr/local |
8c16829e RL |
84 | Windows: C:\Program Files\OpenSSL |
85 | or C:\Program Files (x86)\OpenSSL | |
d5957691 | 86 | OpenVMS: SYS$COMMON:[OPENSSL-'version'] |
2acd8ec7 | 87 | |
ecabf05e MC |
88 | --openssldir=DIR |
89 | Directory for OpenSSL configuration files, and also the | |
d5957691 MC |
90 | default certificate and key store. Defaults are: |
91 | ||
667c6bfe | 92 | Unix: /usr/local/ssl |
8c16829e RL |
93 | Windows: C:\Program Files\Common Files\SSL |
94 | or C:\Program Files (x86)\Common Files\SSL | |
667c6bfe | 95 | OpenVMS: SYS$COMMON:[OPENSSL-COMMON] |
d5957691 | 96 | |
ecabf05e MC |
97 | --api=x.y.z |
98 | Don't build with support for deprecated APIs below the | |
d5957691 MC |
99 | specified version number. For example "--api=1.1.0" will |
100 | remove support for all APIS that were deprecated in OpenSSL | |
101 | version 1.1.0 or below. | |
102 | ||
ecabf05e MC |
103 | no-afalgeng |
104 | Don't build the AFALG engine. This option will be forced if | |
105 | on a platform that does not support AFALG. | |
106 | ||
107 | no-asm | |
05328815 MC |
108 | Do not use assembler code. On some platforms a small amount |
109 | of assembler code may still be used. | |
ecabf05e MC |
110 | |
111 | no-async | |
112 | Do not build support for async operations. | |
d5957691 | 113 | |
ecabf05e MC |
114 | no-autoalginit |
115 | Don't automatically load all supported ciphers and digests. | |
d5957691 MC |
116 | Typically OpenSSL will make available all of its supported |
117 | ciphers and digests. For a statically linked application this | |
118 | may be undesirable if small executable size is an objective. | |
119 | This only affects libcrypto. Ciphers and digests will have to | |
120 | be loaded manually using EVP_add_cipher() and | |
ecabf05e MC |
121 | EVP_add_digest() if this option is used. This option will |
122 | force a non-shared build. | |
d5957691 | 123 | |
ecabf05e MC |
124 | no-autoerrinit |
125 | Don't automatically load all libcrypto/libssl error strings. | |
d5957691 MC |
126 | Typically OpenSSL will automatically load human readable |
127 | error strings. For a statically linked application this may | |
128 | be undesirable if small executable size is an objective. | |
129 | ||
d5957691 | 130 | |
ecabf05e MC |
131 | no-capieng |
132 | Don't build the CAPI engine. This option will be forced if | |
133 | on a platform that does not support CAPI. | |
d5957691 | 134 | |
ecabf05e MC |
135 | no-cms |
136 | Don't build support for CMS features | |
d5957691 | 137 | |
ecabf05e MC |
138 | no-comp |
139 | Don't build support for SSL/TLS compression. If this option | |
140 | is left enabled (the default), then compression will only | |
141 | work if the zlib or zlib-dynamic options are also chosen. | |
d5957691 | 142 | |
ecabf05e MC |
143 | enable-crypto-mdebug |
144 | Build support for debugging memory allocated via | |
145 | OPENSSL_malloc() or OPENSSL_zalloc(). | |
146 | ||
147 | enable-crypto-mdebug-backtrace | |
148 | As for crypto-mdebug, but additionally provide backtrace | |
149 | information for allocated memory. | |
150 | ||
151 | no-ct | |
152 | Don't build support for Certificate Transparency. | |
153 | ||
154 | no-deprecated | |
155 | Don't build with support for any deprecated APIs. This is the | |
156 | same as using "--api" and supplying the latest version | |
157 | number. | |
158 | ||
159 | no-dgram | |
160 | Don't build support for datagram based BIOs. Selecting this | |
161 | option will also force the disabling of DTLS. | |
162 | ||
163 | no-dso | |
164 | Don't build support for loading Dynamic Shared Objects. | |
165 | ||
166 | no-dynamic-engine | |
167 | Don't build the dynamically loaded engines. This only has an | |
168 | effect in a "shared" build | |
169 | ||
170 | no-ec | |
171 | Don't build support for Elliptic Curves. | |
172 | ||
173 | no-ec2m | |
174 | Don't build support for binary Elliptic Curves | |
175 | ||
176 | enable-ec_nistp_64_gcc_128 | |
177 | Enable support for optimised implementations of some commonly | |
178 | used NIST elliptic curves. This is only supported on some | |
179 | platforms. | |
180 | ||
181 | enable-egd | |
182 | Build support for gathering entropy from EGD (Entropy | |
183 | Gathering Daemon). | |
184 | ||
185 | no-engine | |
186 | Don't build support for loading engines. | |
187 | ||
188 | no-err | |
189 | Don't compile in any error strings. | |
190 | ||
191 | no-filenames | |
192 | Don't compile in filename and line number information (e.g. | |
193 | for errors and memory allocation). | |
194 | ||
195 | no-gost | |
196 | Don't build support for GOST based ciphersuites. Note that | |
197 | if this feature is enabled then GOST ciphersuites are only | |
198 | available if the GOST algorithms are also available through | |
199 | loading an externally supplied engine. | |
200 | ||
201 | enable-heartbeats | |
202 | Build support for DTLS heartbeats. | |
203 | ||
204 | no-hw-padlock | |
205 | Don't build the padlock engine. | |
206 | ||
207 | no-makedepend | |
05328815 | 208 | Don't generate dependencies. |
ecabf05e MC |
209 | |
210 | no-multiblock | |
211 | Don't build support for writing multiple records in one | |
212 | go in libssl (Note: this is a different capability to the | |
213 | pipelining functionality). | |
214 | ||
215 | no-nextprotoneg | |
216 | Don't build support for the NPN TLS extension. | |
217 | ||
218 | no-ocsp | |
219 | Don't build support for OCSP. | |
d5957691 | 220 | |
ecabf05e MC |
221 | no-pic |
222 | Don't build with support for Position Independent Code. | |
d5957691 | 223 | |
ecabf05e MC |
224 | no-posix-io |
225 | Don't use POSIX IO capabilities. | |
226 | ||
227 | no-psk | |
228 | Don't build support for Pre-Shared Key based ciphersuites. | |
229 | ||
230 | no-rdrand | |
231 | Don't use hardware RDRAND capabilities. | |
232 | ||
233 | no-rfc3779 | |
234 | Don't build support for RFC3779 ("X.509 Extensions for IP | |
235 | Addresses and AS Identifiers") | |
236 | ||
ecabf05e MC |
237 | sctp |
238 | Build support for SCTP | |
239 | ||
ce942199 MC |
240 | no-shared |
241 | Do not create shared libraries, only static ones. See "Note | |
242 | on shared libraries" below. | |
d5957691 | 243 | |
ecabf05e MC |
244 | no-sock |
245 | Don't build support for socket BIOs | |
d5957691 | 246 | |
ecabf05e MC |
247 | no-srp |
248 | Don't build support for SRP or SRP based ciphersuites. | |
249 | ||
250 | no-srtp | |
251 | Don't build SRTP support | |
d5957691 | 252 | |
ecabf05e MC |
253 | no-sse2 |
254 | Exclude SSE2 code paths. Normally SSE2 extension is | |
d5957691 MC |
255 | detected at run-time, but the decision whether or not the |
256 | machine code will be executed is taken solely on CPU | |
257 | capability vector. This means that if you happen to run OS | |
258 | kernel which does not support SSE2 extension on Intel P4 | |
259 | processor, then your application might be exposed to | |
260 | "illegal instruction" exception. There might be a way | |
261 | to enable support in kernel, e.g. FreeBSD kernel can be | |
262 | compiled with CPU_ENABLE_SSE, and there is a way to | |
263 | disengage SSE2 code pathes upon application start-up, | |
264 | but if you aim for wider "audience" running such kernel, | |
05328815 | 265 | consider no-sse2. Both the 386 and no-asm options imply |
d5957691 MC |
266 | no-sse2. |
267 | ||
ecabf05e MC |
268 | enable-ssl-trace |
269 | Build with the SSL Trace capabilities (adds the "-trace" | |
270 | option to s_client and s_server). | |
271 | ||
272 | no-static-engine | |
273 | Don't build the statically linked engines. This only | |
274 | has an impact when not built "shared". | |
275 | ||
276 | no-stdio | |
277 | Don't use any C "stdio" features. Only libcrypto and libssl | |
278 | can be built in this way. Using this option will suppress | |
279 | building the command line applications. Additionally since | |
280 | the OpenSSL tests also use the command line applications the | |
281 | tests will also be skipped. | |
282 | ||
283 | no-threads | |
284 | Don't try to build with support for multi-threaded | |
285 | applications. | |
286 | ||
287 | threads | |
288 | Build with support for multi-threaded applications. Most | |
289 | platforms will enable this by default. However if on a | |
290 | platform where this is not the case then this will usually | |
291 | require additional system-dependent options! See "Note on | |
292 | multi-threading" below. | |
293 | ||
294 | no-ts | |
295 | Don't build Time Stamping Authority support. | |
296 | ||
297 | no-ui | |
298 | Don't build with the "UI" capability (i.e. the set of | |
299 | features enabling text based prompts). | |
300 | ||
301 | enable-unit-test | |
302 | Enable additional unit test APIs. This should not typically | |
303 | be used in production deployments. | |
304 | ||
305 | enable-weak-ssl-ciphers | |
306 | Build support for SSL/TLS ciphers that are considered "weak" | |
307 | (e.g. RC4 based ciphersuites). | |
308 | ||
309 | zlib | |
310 | Build with support for zlib compression/decompression. | |
311 | ||
312 | zlib-dynamic | |
313 | Like "zlib", but has OpenSSL load the zlib library | |
314 | dynamically when needed. This is only supported on systems | |
315 | where loading of shared libraries is supported. | |
316 | ||
317 | 386 | |
318 | On Intel hardware, use the 80386 instruction set only | |
319 | (the default x86 code is more efficient, but requires at | |
320 | least a 486). Note: Use compiler flags for any other CPU | |
321 | specific configuration, e.g. "-m32" to build x86 code on | |
322 | an x64 system. | |
d5957691 | 323 | |
ecabf05e MC |
324 | no-<prot> |
325 | Don't build support for negotiating the specified SSL/TLS | |
326 | protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls, | |
327 | dtls1 or dtls1_2). If "no-tls" is selected then all of tls1, | |
328 | tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will | |
329 | disable dtls1 and dtls1_2. The "no-ssl" option is synonymous | |
330 | with "no-ssl3". Note this only affects version negotiation. | |
331 | OpenSSL will still provide the methods for applications to | |
332 | explicitly select the individual protocol versions. | |
333 | ||
334 | no-<prot>-method | |
335 | As for no-<prot> but in addition do not build the methods for | |
336 | applications to explicitly select individual protocol | |
337 | versions. | |
338 | ||
339 | enable-<alg> | |
340 | Build with support for the specified algorithm, where <alg> | |
341 | is one of: md2 or rc5. | |
342 | ||
343 | no-<alg> | |
344 | Build without support for the specified algorithm, where | |
345 | <alg> is one of: bf, blake2, camellia, cast, chacha, cmac, | |
346 | des, dh, dsa, ecdh, ecdsa, idea, md4, md5, mdc2, ocb, | |
347 | ploy1305, rc2, rc4, rmd160, scrypt, seed or whirlpool. The | |
348 | "ripemd" algorithm is deprecated and if used is synonymous | |
349 | with rmd160. | |
350 | ||
351 | -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx | |
352 | These system specific options will be passed through to the | |
353 | compiler to allow you to define preprocessor symbols, specify | |
354 | additional libraries, library directories or other compiler | |
d5957691 | 355 | options. |
b1fe6b43 | 356 | |
79e259e3 | 357 | |
4109b97c RE |
358 | Installation in Detail |
359 | ---------------------- | |
c9f06e7f | 360 | |
4109b97c | 361 | 1a. Configure OpenSSL for your operation system automatically: |
c9f06e7f | 362 | |
b32b8961 RL |
363 | NOTE: This is not available on Windows. |
364 | ||
2acd8ec7 RL |
365 | $ ./config [options] # Unix |
366 | ||
367 | or | |
368 | ||
369 | $ @config [options] ! OpenVMS | |
370 | ||
371 | For the remainder of this text, the Unix form will be used in all | |
372 | examples, please use the appropriate form for your platform. | |
c9f06e7f | 373 | |
4109b97c | 374 | This guesses at your operating system (and compiler, if necessary) and |
b1fe6b43 | 375 | configures OpenSSL based on this guess. Run ./config -t to see |
db209ec2 UM |
376 | if it guessed correctly. If you want to use a different compiler, you |
377 | are cross-compiling for another platform, or the ./config guess was | |
378 | wrong for other reasons, go to step 1b. Otherwise go to step 2. | |
c9f06e7f | 379 | |
b1fe6b43 UM |
380 | On some systems, you can include debugging information as follows: |
381 | ||
382 | $ ./config -d [options] | |
383 | ||
c9f06e7f | 384 | 1b. Configure OpenSSL for your operating system manually |
79e259e3 | 385 | |
4109b97c RE |
386 | OpenSSL knows about a range of different operating system, hardware and |
387 | compiler combinations. To see the ones it knows about, run | |
79e259e3 | 388 | |
2acd8ec7 RL |
389 | $ ./Configure # Unix |
390 | ||
391 | or | |
392 | ||
393 | $ perl Configure # All other platforms | |
394 | ||
395 | For the remainder of this text, the Unix form will be used in all | |
396 | examples, please use the appropriate form for your platform. | |
79e259e3 | 397 | |
4109b97c RE |
398 | Pick a suitable name from the list that matches your system. For most |
399 | operating systems there is a choice between using "cc" or "gcc". When | |
400 | you have identified your system (and if necessary compiler) use this name | |
2acd8ec7 | 401 | as the argument to Configure. For example, a "linux-elf" user would |
4109b97c | 402 | run: |
79e259e3 | 403 | |
b1fe6b43 | 404 | $ ./Configure linux-elf [options] |
79e259e3 | 405 | |
5bb9e2b4 RL |
406 | If your system isn't listed, you will have to create a configuration |
407 | file named Configurations/{something}.conf and add the correct | |
408 | configuration for your system. See the available configs as examples | |
409 | and read Configurations/README and Configurations/README.design for | |
410 | more information. | |
79e259e3 | 411 | |
5bb9e2b4 RL |
412 | The generic configurations "cc" or "gcc" should usually work on 32 bit |
413 | Unix-like systems. | |
414 | ||
415 | Configure creates a build file ("Makefile" on Unix and "descrip.mms" | |
416 | on OpenVMS) from a suitable template in Configurations, and | |
b1fe6b43 | 417 | defines various macros in crypto/opensslconf.h (generated from |
80611577 | 418 | crypto/opensslconf.h.in). |
79e259e3 | 419 | |
2acd8ec7 RL |
420 | 1c. Configure OpenSSL for building outside of the source tree. |
421 | ||
422 | OpenSSL can be configured to build in a build directory separate from | |
423 | the directory with the source code. It's done by placing yourself in | |
424 | some other directory and invoking the configuration commands from | |
425 | there. | |
426 | ||
427 | Unix example: | |
428 | ||
429 | $ mkdir /var/tmp/openssl-build | |
430 | $ cd /var/tmp/openssl-build | |
431 | $ /PATH/TO/OPENSSL/SOURCE/config [options] | |
432 | ||
433 | or | |
434 | ||
435 | $ /PATH/TO/OPENSSL/SOURCE/Configure [target] [options] | |
436 | ||
437 | OpenVMS example: | |
438 | ||
439 | $ set default sys$login: | |
440 | $ create/dir [.tmp.openssl-build] | |
441 | $ set default [.tmp.openssl-build] | |
442 | $ @[PATH.TO.OPENSSL.SOURCE]config {options} | |
443 | ||
444 | or | |
445 | ||
446 | $ @[PATH.TO.OPENSSL.SOURCE]Configure {target} {options} | |
447 | ||
b32b8961 RL |
448 | Windows example: |
449 | ||
450 | $ C: | |
451 | $ mkdir \temp-openssl | |
452 | $ cd \temp-openssl | |
453 | $ perl d:\PATH\TO\OPENSSL\SOURCE\Configure {target} {options} | |
454 | ||
2acd8ec7 RL |
455 | Paths can be relative just as well as absolute. Configure will |
456 | do its best to translate them to relative paths whenever possible. | |
457 | ||
462ba4f6 | 458 | 2. Build OpenSSL by running: |
79e259e3 | 459 | |
2acd8ec7 RL |
460 | $ make # Unix |
461 | $ mms ! (or mmk) OpenVMS | |
b32b8961 | 462 | $ nmake # Windows |
79e259e3 | 463 | |
2acd8ec7 RL |
464 | This will build the OpenSSL libraries (libcrypto.a and libssl.a on |
465 | Unix, corresponding on other platforms) and the OpenSSL binary | |
466 | ("openssl"). The libraries will be built in the top-level directory, | |
467 | and the binary will be in the "apps" subdirectory. | |
79e259e3 | 468 | |
2acd8ec7 | 469 | If the build fails, look at the output. There may be reasons for |
9020b862 | 470 | the failure that aren't problems in OpenSSL itself (like missing |
a652ffc4 | 471 | standard headers). If it is a problem with OpenSSL itself, please |
2acd8ec7 RL |
472 | report the problem to <rt@openssl.org> (note that your message |
473 | will be recorded in the request tracker publicly readable at | |
474 | https://www.openssl.org/community/index.html#bugs and will be | |
d5957691 MC |
475 | forwarded to a public mailing list). Please check out the request |
476 | tracker. Maybe the bug was already reported or has already been | |
477 | fixed. | |
b1fe6b43 | 478 | |
436a376b | 479 | [If you encounter assembler error messages, try the "no-asm" |
b82ccbb7 | 480 | configuration option as an immediate fix.] |
436a376b | 481 | |
91174a91 UM |
482 | Compiling parts of OpenSSL with gcc and others with the system |
483 | compiler will result in unresolved symbols on some systems. | |
484 | ||
462ba4f6 | 485 | 3. After a successful build, the libraries should be tested. Run: |
79e259e3 | 486 | |
2acd8ec7 RL |
487 | $ make test # Unix |
488 | $ mms test ! OpenVMS | |
b32b8961 | 489 | $ nmake test # Windows |
79e259e3 | 490 | |
2e996acf RL |
491 | If some tests fail, look at the output. There may be reasons for |
492 | the failure that isn't a problem in OpenSSL itself (like a | |
493 | malfunction with Perl). You may want increased verbosity, that | |
494 | can be accomplished like this: | |
495 | ||
be6bdab6 | 496 | $ make VERBOSE=1 test # Unix |
2acd8ec7 | 497 | |
e8173157 | 498 | $ mms /macro=(VERBOSE=1) test ! OpenVMS |
2e996acf | 499 | |
be6bdab6 | 500 | $ nmake VERBOSE=1 test # Windows |
b32b8961 | 501 | |
2e996acf RL |
502 | If you want to run just one or a few specific tests, you can use |
503 | the make variable TESTS to specify them, like this: | |
504 | ||
2acd8ec7 RL |
505 | $ make TESTS='test_rsa test_dsa' test # Unix |
506 | $ mms/macro="TESTS=test_rsa test_dsa" test ! OpenVMS | |
b32b8961 | 507 | $ nmake TESTS='test_rsa test_dsa' test # Windows |
2e996acf | 508 | |
2acd8ec7 | 509 | And of course, you can combine (Unix example shown): |
2e996acf | 510 | |
be6bdab6 | 511 | $ make VERBOSE=1 TESTS='test_rsa test_dsa' test |
2e996acf RL |
512 | |
513 | You can find the list of available tests like this: | |
514 | ||
2acd8ec7 | 515 | $ make list-tests # Unix |
5bb9e2b4 | 516 | $ mms list-tests ! OpenVMS |
b32b8961 | 517 | $ nmake list-tests # Windows |
2e996acf | 518 | |
d40b0622 RL |
519 | Have a look at the manual for the perl module Test::Harness to |
520 | see what other HARNESS_* variables there are. | |
521 | ||
2e996acf | 522 | If you find a problem with OpenSSL itself, try removing any |
2acd8ec7 RL |
523 | compiler optimization flags from the CFLAGS line in Makefile and |
524 | run "make clean; make" or corresponding. | |
2e996acf | 525 | |
d5957691 | 526 | Please send a bug reports to <rt@openssl.org>. |
b1fe6b43 | 527 | |
462ba4f6 | 528 | 4. If everything tests ok, install OpenSSL with |
79e259e3 | 529 | |
2acd8ec7 RL |
530 | $ make install # Unix |
531 | $ mms install ! OpenVMS | |
532 | ||
533 | This will install all the software components in this directory | |
534 | tree under PREFIX (the directory given with --prefix or its | |
535 | default): | |
536 | ||
537 | Unix: | |
538 | ||
539 | bin/ Contains the openssl binary and a few other | |
540 | utility scripts. | |
541 | include/openssl | |
542 | Contains the header files needed if you want | |
543 | to build your own programs that use libcrypto | |
544 | or libssl. | |
545 | lib Contains the OpenSSL library files. | |
546 | lib/engines Contains the OpenSSL dynamically loadable engines. | |
547 | share/man/{man1,man3,man5,man7} | |
548 | Contains the OpenSSL man-pages. | |
d5957691 | 549 | share/doc/openssl/html/{man1,man3,man5,man7} |
2acd8ec7 RL |
550 | Contains the HTML rendition of the man-pages. |
551 | ||
552 | OpenVMS ('arch' is replaced with the architecture name, "Alpha" | |
553 | or "ia64"): | |
554 | ||
555 | [.EXE.'arch'] Contains the openssl binary and a few other | |
556 | utility scripts. | |
557 | [.include.openssl] | |
558 | Contains the header files needed if you want | |
559 | to build your own programs that use libcrypto | |
560 | or libssl. | |
561 | [.LIB.'arch'] Contains the OpenSSL library files. | |
562 | [.ENGINES.'arch'] | |
563 | Contains the OpenSSL dynamically loadable engines. | |
564 | [.SYS$STARTUP] Contains startup, login and shutdown scripts. | |
565 | These define appropriate logical names and | |
566 | command symbols. | |
567 | ||
568 | ||
569 | Additionally, install will add the following directories under | |
570 | OPENSSLDIR (the directory given with --openssldir or its default) | |
571 | for you convenience: | |
572 | ||
573 | certs Initially empty, this is the default location | |
574 | for certificate files. | |
575 | private Initially empty, this is the default location | |
576 | for private key files. | |
577 | misc Various scripts. | |
60cdb821 | 578 | |
e5f3045f BM |
579 | Package builders who want to configure the library for standard |
580 | locations, but have the package installed somewhere else so that | |
581 | it can easily be packaged, can use | |
582 | ||
2acd8ec7 RL |
583 | $ make DESTDIR=/tmp/package-root install # Unix |
584 | $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS | |
e5f3045f | 585 | |
3c65577f | 586 | The specified destination directory will be prepended to all |
2acd8ec7 | 587 | installation target paths. |
4fd53220 | 588 | |
2acd8ec7 | 589 | Compatibility issues with previous OpenSSL versions: |
4fd53220 BM |
590 | |
591 | * COMPILING existing applications | |
592 | ||
2acd8ec7 RL |
593 | OpenSSL 1.1 hides a number of structures that were previously |
594 | open. This includes all internal libssl structures and a number | |
595 | of EVP types. Accessor functions have been added to allow | |
596 | controlled access to the structures' data. | |
4fd53220 | 597 | |
2acd8ec7 RL |
598 | This means that some software needs to be rewritten to adapt to |
599 | the new ways of doing things. This often amounts to allocating | |
600 | an instance of a structure explicitly where you could previously | |
601 | allocate them on the stack as automatic variables, and using the | |
602 | provided accessor functions where you would previously access a | |
603 | structure's field directly. | |
4fd53220 | 604 | |
2acd8ec7 | 605 | <TBA> |
4fd53220 | 606 | |
2acd8ec7 RL |
607 | Some APIs have changed as well. However, older APIs have been |
608 | preserved when possible. | |
4fd53220 BM |
609 | |
610 | ||
5f8d5c96 BM |
611 | Note on multi-threading |
612 | ----------------------- | |
613 | ||
614 | For some systems, the OpenSSL Configure script knows what compiler options | |
615 | are needed to generate a library that is suitable for multi-threaded | |
616 | applications. On these systems, support for multi-threading is enabled | |
617 | by default; use the "no-threads" option to disable (this should never be | |
618 | necessary). | |
619 | ||
620 | On other systems, to enable support for multi-threading, you will have | |
33d50ef6 | 621 | to specify at least two options: "threads", and a system-dependent option. |
5f8d5c96 BM |
622 | (The latter is "-D_REENTRANT" on various systems.) The default in this |
623 | case, obviously, is not to include support for multi-threading (but | |
624 | you can still use "no-threads" to suppress an annoying warning message | |
625 | from the Configure script.) | |
626 | ||
35d8fa56 | 627 | OpenSSL provides built-in support for two threading models: pthreads (found on |
8b75603c MC |
628 | most UNIX/Linux systems), and Windows threads. No other threading models are |
629 | supported. If your platform does not provide pthreads or Windows threads then | |
630 | you should Configure with the "no-threads" option. | |
fcc6a1c4 RL |
631 | |
632 | Note on shared libraries | |
633 | ------------------------ | |
634 | ||
ce942199 MC |
635 | For most systems the OpenSSL Configure script knows what is needed to |
636 | build shared libraries for libcrypto and libssl. On these systems | |
637 | the shared libraries will be created by default. This can be suppressed and | |
638 | only static libraries created by using the "no-shared" option. On systems | |
639 | where OpenSSL does not know how to build shared libraries the "no-shared" | |
640 | option will be forced and only static libraries will be created. | |
96c930dd LJ |
641 | |
642 | Note on random number generation | |
643 | -------------------------------- | |
644 | ||
645 | Availability of cryptographically secure random numbers is required for | |
646 | secret key generation. OpenSSL provides several options to seed the | |
647 | internal PRNG. If not properly seeded, the internal PRNG will refuse | |
648 | to deliver random bytes and a "PRNG not seeded error" will occur. | |
649 | On systems without /dev/urandom (or similar) device, it may be necessary | |
650 | to install additional support software to obtain random seed. | |
651 | Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), | |
652 | and the FAQ for more information. | |
4a9476dd | 653 |