Make the installation documentation easier to follow.

[thirdparty/openssl.git] / INSTALL

Installing OpenSSL on Unix
--------------------------

[For instructions for compiling OpenSSL on Windows systems, see
INSTALL.W32].

To install OpenSSL, you will need:

  * Perl
  * C compiler
  * A supported operating system

Quick Start
-----------

If you want to just get on with it, do:

  ./Configure                           Find a match for your system
                                        in this output and use it on
                                        the next line
  ./Configure <system>
  make -f Makefile.ssl links
  make
  make rehash
  make test
  make install

This will build and install OpenSSL in the default location, which is
/usr/local/ssl. If you want to install it anywhere else, do this
after running ./Configure <system>:

  utils/ssldir.pl /new/install/path

If anything goes wrong, follow the detailed instructions below. If
your operating system is not (yet) supported by OpenSSL, see the
section on porting to a new system.

Installation in Detail
----------------------

  1. Configure OpenSSL for your operating system

     OpenSSL knows about a range of different operating system, hardware
     and compiler combinations. To see the ones it knows about, run

       ./Configure

     Pick a suitable name from the list that matches your system. For
     most operating systems there is a choice between using "cc" or
     "gcc".

     When you have identified your system (and if necessary compiler)
     use this name as the argument to ./Configure. For example, a
     "linux-elf" user would run:

       ./Configure linux-elf

     If your system is not available, you will have to edit the Configure
     program and add the correct configuration for your system.

     Configure configures various files by converting an existing .org
     file into the real file. If you edit any files, remember that if
     a corresponding .org file exists them the next time you run
     ./Configure your changes will be lost when the file gets
     re-created from the .org file. The files that are created from
     .org files are:

       Makefile.ssl
       crypto/des/des.h
       crypto/des/des_locl.h
       crypto/md2/md2.h
       crypto/rc4/rc4.h
       crypto/rc4/rc4_enc.c
       crypto/rc2/rc2.h
       crypto/bf/bf_locl.h
       crypto/idea/idea.h
       crypto/bn/bn.h

  2. Set the install directory

     If the install directory will be the default of /usr/local/ssl,
     skip to the next stage. Otherwise, run

       utils/ssldir.pl /new/install/path

     This configures the installation location into the "install"
     target of the top-level Makefile, and also updates some defines
     in an include file so that the default certificate directory is
     under the proper installation directory. It also updates a few
     utility files used in the build process.

  3. Build OpenSSL

     Now run

       make

     This will build the OpenSSL libraries (libcrypto.a and libssl.a)
     and the OpenSSL binary ("ssleay"). The libraries will be built
     in the top-level directory, and the binary will be in the "apps"
     directory.

  4. After a successful build, the libraries should be tested. Run

       make rehash
       make test

     (The first line makes the test certificates in the "certs"
     directory accessable via an hash name, which is required for some
     of the tests).

  5. If everything tests ok, install OpenSSL with

       make install

     This will create the installation directory (if it does not
     exist) and then create the following subdirectories:

       bin            Contains the ssleay binary and a few other utility
                      programs. It also contains symbolic links so
                      that ssleay commands can be accessed directly
                      (e.g. so that "s_client" can be used instead of
                      "ssleay s_client").
       certs          Initially empty, this is the default location
                      for certificate files.
       include        Contains the header files needed if you want to
                      compile programs with libcrypto or libssl.
       lib            Contains the library files themselves and the
                      OpenSSL configuration file "ssleay.cnf".
       private        Initially empty, this is the default location
                      for private key files.

----------------------------------------------------------------------

Additional Compilation Notes
----------------------------

These notes come from SSLeay 0.9.1 and cover some more advanced
facilities (such as building a single makefile for use on Windows
systems).


# Installation of SSLeay.
# It depends on perl for a few bits but those steps can be skipped and
# the top level makefile edited by hand

# When bringing the SSLeay distribution back from the evil intel world
# of Windows NT, do the following to make it nice again under unix :-)
# You don't normally need to run this.
sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996

# If you have perl, and it is not in /usr/local/bin, you can run
perl util/perlpath.pl /new/path
# and this will fix the paths in all the scripts.  DO NOT put
# /new/path/perl, just /new/path. The build
# environment always run scripts as 'perl perlscript.pl' but some of the
# 'applications' are easier to usr with the path fixed.

# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
# to set the install locations if you don't like
# the default location of /usr/local/ssl
# Do this by running
perl util/ssldir.pl /new/ssl/home
# if you have perl, or by hand if not.

# If things have been stuffed up with the sym links, run
make -f Makefile.ssl links
# This will re-populate lib/include with symlinks and for each
# directory, link Makefile to Makefile.ssl

# Setup the machine dependent stuff for the top level makefile
# and some select .h files
# If you don't have perl, this will bomb, in which case just edit the
# top level Makefile.ssl
./Configure 'system type'

# The 'Configure' command contains default configuration parameters
# for lots of machines.  Configure edits 5 lines in the top level Makefile
# It modifies the following values in the following files
Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
crypto/des/des.h	DES_LONG
crypto/des/des_locl.h	DES_PTR
crypto/md2/md2.h	MD2_INT
crypto/rc4/rc4.h	RC4_INT
crypto/rc4/rc4_enc.c	RC4_INDEX
crypto/rc2/rc2.h	RC2_INT
crypto/bf/bf_locl.h	BF_INT
crypto/idea/idea.h	IDEA_INT
crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
				  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
				  SIXTEEN_BIT or EIGHT_BIT)
Please remember that all these files are actually copies of the file with
a .org extention.  So if you change crypto/des/des.h, the next time
you run Configure, it will be runover by a 'configured' version of
crypto/des/des.org.  So to make the changer the default, change the .org
files.  The reason these files have to be edited is because most of
these modifications change the size of fundamental data types.
While in theory this stuff is optional, it often makes a big
difference in performance and when using assember, it is importaint
for the 'Bignum bits' match those required by the assember code.
A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
flag to use the hardware multiply instruction which was not present in
earlier versions of the sparc CPU.  I define it by default.  If you
have an old sparc, and it crashes, try rebuilding with this flag
removed.  I am leaving this flag on by default because it makes
things run 4 times faster :-)

# clean out all the old stuff
make clean

# Do a make depend only if you have the makedepend command installed
# This is not needed but it does make things nice when developing.
make depend

# make should build everything
make

# fix up the demo certificate hash directory if it has been stuffed up.
make rehash

# test everything
make test

# install the lot
make install

# It is worth noting that all the applications are built into the one
# program, ssleay, which is then has links from the other programs
# names to it.
# The applicatons can be built by themselves, just don't define the
# 'MONOLITH' flag.  So to build the 'enc' program stand alone,
gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a

# Other useful make options are
make makefile.one
# which generate a 'makefile.one' file which will build the complete
# SSLeay distribution with temp. files in './tmp' and 'installable' files
# in './out'

# Have a look at running
perl util/mk1mf.pl help
# this can be used to generate a single makefile and is about the only
# way to generate makefiles for windows.

# There is actually a final way of building SSLeay.
gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
gcc -O2 -c -Issl -Iinclude ssl/ssl.c
# and you now have the 2 libraries as single object files :-).
# If you want to use the assember code for your particular platform
# (DEC alpha/x86 are the main ones, the other assember is just the
# output from gcc) you will need to link the assember with the above generated
# object file and also do the above compile as
gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c

This last option is probably the best way to go when porting to another
platform or building shared libraries.  It is not good for development so
I don't normally use it.

To build shared libararies under unix, have a look in shlib, basically 
you are on your own, but it is quite easy and all you have to do
is compile 2 (or 3) files.

For mult-threading, have a read of doc/threads.doc.  Again it is quite
easy and normally only requires some extra callbacks to be defined
by the application.
The examples for solaris and windows NT/95 are in the mt directory.

have fun

eric 25-Jun-1997

IRIX 5.x will build as a 32 bit system with mips1 assember.
IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
to n32 standards. In theory you can compile the 64 bit assember under
IRIX 5.x but you will have to have the correct system software installed.