]>
Commit | Line | Data |
---|---|---|
79e259e3 PS |
1 | Installing OpenSSL on Unix |
2 | -------------------------- | |
3 | ||
4 | [For instructions for compiling OpenSSL on Windows systems, see | |
5 | INSTALL.W32]. | |
6 | ||
7 | To install OpenSSL, you will need: | |
8 | ||
9 | * Perl | |
10 | * C compiler | |
11 | * A supported operating system | |
12 | ||
13 | Quick Start | |
14 | ----------- | |
15 | ||
16 | If you want to just get on with it, do: | |
17 | ||
18 | ./Configure Find a match for your system | |
19 | in this output and use it on | |
20 | the next line | |
21 | ./Configure <system> | |
22 | make -f Makefile.ssl links | |
23 | make | |
24 | make rehash | |
25 | make test | |
26 | make install | |
27 | ||
28 | This will build and install OpenSSL in the default location, which is | |
29 | /usr/local/ssl. If you want to install it anywhere else, do this | |
30 | after running ./Configure <system>: | |
31 | ||
32 | utils/ssldir.pl /new/install/path | |
33 | ||
34 | If anything goes wrong, follow the detailed instructions below. If | |
35 | your operating system is not (yet) supported by OpenSSL, see the | |
36 | section on porting to a new system. | |
37 | ||
38 | Installation in Detail | |
39 | ---------------------- | |
40 | ||
41 | 1. Configure OpenSSL for your operating system | |
42 | ||
43 | OpenSSL knows about a range of different operating system, hardware | |
44 | and compiler combinations. To see the ones it knows about, run | |
45 | ||
46 | ./Configure | |
47 | ||
48 | Pick a suitable name from the list that matches your system. For | |
49 | most operating systems there is a choice between using "cc" or | |
50 | "gcc". | |
51 | ||
52 | When you have identified your system (and if necessary compiler) | |
53 | use this name as the argument to ./Configure. For example, a | |
54 | "linux-elf" user would run: | |
55 | ||
56 | ./Configure linux-elf | |
57 | ||
58 | If your system is not available, you will have to edit the Configure | |
59 | program and add the correct configuration for your system. | |
60 | ||
61 | Configure configures various files by converting an existing .org | |
62 | file into the real file. If you edit any files, remember that if | |
63 | a corresponding .org file exists them the next time you run | |
64 | ./Configure your changes will be lost when the file gets | |
65 | re-created from the .org file. The files that are created from | |
66 | .org files are: | |
67 | ||
68 | Makefile.ssl | |
69 | crypto/des/des.h | |
70 | crypto/des/des_locl.h | |
71 | crypto/md2/md2.h | |
72 | crypto/rc4/rc4.h | |
73 | crypto/rc4/rc4_enc.c | |
74 | crypto/rc2/rc2.h | |
75 | crypto/bf/bf_locl.h | |
76 | crypto/idea/idea.h | |
77 | crypto/bn/bn.h | |
78 | ||
79 | 2. Set the install directory | |
80 | ||
81 | If the install directory will be the default of /usr/local/ssl, | |
82 | skip to the next stage. Otherwise, run | |
83 | ||
84 | utils/ssldir.pl /new/install/path | |
85 | ||
86 | This configures the installation location into the "install" | |
87 | target of the top-level Makefile, and also updates some defines | |
88 | in an include file so that the default certificate directory is | |
89 | under the proper installation directory. It also updates a few | |
90 | utility files used in the build process. | |
91 | ||
92 | 3. Build OpenSSL | |
93 | ||
94 | Now run | |
95 | ||
96 | make | |
97 | ||
98 | This will build the OpenSSL libraries (libcrypto.a and libssl.a) | |
99 | and the OpenSSL binary ("ssleay"). The libraries will be built | |
100 | in the top-level directory, and the binary will be in the "apps" | |
101 | directory. | |
102 | ||
103 | 4. After a successful build, the libraries should be tested. Run | |
104 | ||
105 | make rehash | |
106 | make test | |
107 | ||
108 | (The first line makes the test certificates in the "certs" | |
109 | directory accessable via an hash name, which is required for some | |
110 | of the tests). | |
111 | ||
112 | 5. If everything tests ok, install OpenSSL with | |
113 | ||
114 | make install | |
115 | ||
116 | This will create the installation directory (if it does not | |
117 | exist) and then create the following subdirectories: | |
118 | ||
119 | bin Contains the ssleay binary and a few other utility | |
120 | programs. It also contains symbolic links so | |
121 | that ssleay commands can be accessed directly | |
122 | (e.g. so that "s_client" can be used instead of | |
123 | "ssleay s_client"). | |
124 | certs Initially empty, this is the default location | |
125 | for certificate files. | |
126 | include Contains the header files needed if you want to | |
127 | compile programs with libcrypto or libssl. | |
128 | lib Contains the library files themselves and the | |
129 | OpenSSL configuration file "ssleay.cnf". | |
130 | private Initially empty, this is the default location | |
131 | for private key files. | |
132 | ||
133 | ---------------------------------------------------------------------- | |
134 | ||
135 | Additional Compilation Notes | |
136 | ---------------------------- | |
137 | ||
138 | These notes come from SSLeay 0.9.1 and cover some more advanced | |
139 | facilities (such as building a single makefile for use on Windows | |
140 | systems). | |
141 | ||
142 | ||
d02b48c6 RE |
143 | # Installation of SSLeay. |
144 | # It depends on perl for a few bits but those steps can be skipped and | |
145 | # the top level makefile edited by hand | |
146 | ||
147 | # When bringing the SSLeay distribution back from the evil intel world | |
148 | # of Windows NT, do the following to make it nice again under unix :-) | |
149 | # You don't normally need to run this. | |
150 | sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996 | |
151 | ||
152 | # If you have perl, and it is not in /usr/local/bin, you can run | |
153 | perl util/perlpath.pl /new/path | |
154 | # and this will fix the paths in all the scripts. DO NOT put | |
155 | # /new/path/perl, just /new/path. The build | |
156 | # environment always run scripts as 'perl perlscript.pl' but some of the | |
157 | # 'applications' are easier to usr with the path fixed. | |
158 | ||
159 | # Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl | |
160 | # to set the install locations if you don't like | |
161 | # the default location of /usr/local/ssl | |
162 | # Do this by running | |
163 | perl util/ssldir.pl /new/ssl/home | |
164 | # if you have perl, or by hand if not. | |
165 | ||
166 | # If things have been stuffed up with the sym links, run | |
167 | make -f Makefile.ssl links | |
168 | # This will re-populate lib/include with symlinks and for each | |
169 | # directory, link Makefile to Makefile.ssl | |
170 | ||
171 | # Setup the machine dependent stuff for the top level makefile | |
172 | # and some select .h files | |
173 | # If you don't have perl, this will bomb, in which case just edit the | |
174 | # top level Makefile.ssl | |
175 | ./Configure 'system type' | |
176 | ||
177 | # The 'Configure' command contains default configuration parameters | |
178 | # for lots of machines. Configure edits 5 lines in the top level Makefile | |
179 | # It modifies the following values in the following files | |
180 | Makefile.ssl CC CFLAG EX_LIBS BN_MULW | |
181 | crypto/des/des.h DES_LONG | |
182 | crypto/des/des_locl.h DES_PTR | |
58964a49 | 183 | crypto/md2/md2.h MD2_INT |
d02b48c6 RE |
184 | crypto/rc4/rc4.h RC4_INT |
185 | crypto/rc4/rc4_enc.c RC4_INDEX | |
186 | crypto/rc2/rc2.h RC2_INT | |
187 | crypto/bf/bf_locl.h BF_INT | |
188 | crypto/idea/idea.h IDEA_INT | |
189 | crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT, | |
190 | SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT, | |
191 | SIXTEEN_BIT or EIGHT_BIT) | |
192 | Please remember that all these files are actually copies of the file with | |
193 | a .org extention. So if you change crypto/des/des.h, the next time | |
194 | you run Configure, it will be runover by a 'configured' version of | |
195 | crypto/des/des.org. So to make the changer the default, change the .org | |
196 | files. The reason these files have to be edited is because most of | |
197 | these modifications change the size of fundamental data types. | |
198 | While in theory this stuff is optional, it often makes a big | |
199 | difference in performance and when using assember, it is importaint | |
200 | for the 'Bignum bits' match those required by the assember code. | |
201 | A warning for people using gcc with sparc cpu's. Gcc needs the -mv8 | |
202 | flag to use the hardware multiply instruction which was not present in | |
203 | earlier versions of the sparc CPU. I define it by default. If you | |
204 | have an old sparc, and it crashes, try rebuilding with this flag | |
205 | removed. I am leaving this flag on by default because it makes | |
206 | things run 4 times faster :-) | |
207 | ||
208 | # clean out all the old stuff | |
209 | make clean | |
210 | ||
211 | # Do a make depend only if you have the makedepend command installed | |
212 | # This is not needed but it does make things nice when developing. | |
213 | make depend | |
214 | ||
215 | # make should build everything | |
216 | make | |
217 | ||
218 | # fix up the demo certificate hash directory if it has been stuffed up. | |
219 | make rehash | |
220 | ||
221 | # test everything | |
222 | make test | |
223 | ||
224 | # install the lot | |
225 | make install | |
226 | ||
227 | # It is worth noting that all the applications are built into the one | |
228 | # program, ssleay, which is then has links from the other programs | |
229 | # names to it. | |
230 | # The applicatons can be built by themselves, just don't define the | |
231 | # 'MONOLITH' flag. So to build the 'enc' program stand alone, | |
232 | gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a | |
233 | ||
234 | # Other useful make options are | |
235 | make makefile.one | |
236 | # which generate a 'makefile.one' file which will build the complete | |
237 | # SSLeay distribution with temp. files in './tmp' and 'installable' files | |
238 | # in './out' | |
239 | ||
240 | # Have a look at running | |
241 | perl util/mk1mf.pl help | |
242 | # this can be used to generate a single makefile and is about the only | |
243 | # way to generate makefiles for windows. | |
244 | ||
245 | # There is actually a final way of building SSLeay. | |
246 | gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c | |
247 | gcc -O2 -c -Issl -Iinclude ssl/ssl.c | |
248 | # and you now have the 2 libraries as single object files :-). | |
249 | # If you want to use the assember code for your particular platform | |
250 | # (DEC alpha/x86 are the main ones, the other assember is just the | |
251 | # output from gcc) you will need to link the assember with the above generated | |
252 | # object file and also do the above compile as | |
253 | gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c | |
254 | ||
255 | This last option is probably the best way to go when porting to another | |
256 | platform or building shared libraries. It is not good for development so | |
257 | I don't normally use it. | |
258 | ||
259 | To build shared libararies under unix, have a look in shlib, basically | |
260 | you are on your own, but it is quite easy and all you have to do | |
261 | is compile 2 (or 3) files. | |
262 | ||
263 | For mult-threading, have a read of doc/threads.doc. Again it is quite | |
264 | easy and normally only requires some extra callbacks to be defined | |
265 | by the application. | |
266 | The examples for solaris and windows NT/95 are in the mt directory. | |
267 | ||
268 | have fun | |
269 | ||
270 | eric 25-Jun-1997 | |
dfeab068 RE |
271 | |
272 | IRIX 5.x will build as a 32 bit system with mips1 assember. | |
273 | IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms | |
274 | to n32 standards. In theory you can compile the 64 bit assember under | |
275 | IRIX 5.x but you will have to have the correct system software installed. |