available if the GOST algorithms are also available through
loading an externally supplied engine.
- enable-heartbeats
- Build support for DTLS heartbeats.
-
no-hw-padlock
Don't build the padlock engine.
Don't build SRTP support
no-sse2
- Exclude SSE2 code paths. Normally SSE2 extension is
- detected at run-time, but the decision whether or not the
- machine code will be executed is taken solely on CPU
- capability vector. This means that if you happen to run OS
- kernel which does not support SSE2 extension on Intel P4
- processor, then your application might be exposed to
- "illegal instruction" exception. There might be a way
- to enable support in kernel, e.g. FreeBSD kernel can be
- compiled with CPU_ENABLE_SSE, and there is a way to
- disengage SSE2 code paths upon application start-up,
- but if you aim for wider "audience" running such kernel,
- consider no-sse2. Both the 386 and no-asm options imply
- no-sse2.
+ Exclude SSE2 code paths from 32-bit x86 assembly modules.
+ Normally SSE2 extension is detected at run-time, but the
+ decision whether or not the machine code will be executed
+ is taken solely on CPU capability vector. This means that
+ if you happen to run OS kernel which does not support SSE2
+ extension on Intel P4 processor, then your application
+ might be exposed to "illegal instruction" exception.
+ There might be a way to enable support in kernel, e.g.
+ FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and
+ there is a way to disengage SSE2 code paths upon application
+ start-up, but if you aim for wider "audience" running
+ such kernel, consider no-sse2. Both the 386 and
+ no-asm options imply no-sse2.
enable-ssl-trace
Build with the SSL Trace capabilities (adds the "-trace"
the OpenSSL tests also use the command line applications the
tests will also be skipped.
+ no-tests
+ Don't build test programs or run any test.
+
no-threads
Don't try to build with support for multi-threaded
applications.
where loading of shared libraries is supported.
386
- On Intel hardware, use the 80386 instruction set only
- (the default x86 code is more efficient, but requires at
- least a 486). Note: Use compiler flags for any other CPU
- specific configuration, e.g. "-m32" to build x86 code on
- an x64 system.
+ In 32-bit x86 builds, when generating assembly modules,
+ use the 80386 instruction set only (the default x86 code
+ is more efficient, but requires at least a 486). Note:
+ This doesn't affect code generated by compiler, you're
+ likely to complement configuration command line with
+ suitable compiler-specific option.
enable-tls1_3
TODO(TLS1.3): Make this enabled by default
Build without support for the specified algorithm, where
<alg> is one of: bf, blake2, camellia, cast, chacha, cmac,
des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
- rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd"
- algorithm is deprecated and if used is synonymous with rmd160.
+ rc2, rc4, rmd160, scrypt, seed, siphash or whirlpool. The
+ "ripemd" algorithm is deprecated and if used is synonymous
+ with rmd160.
-Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx
These system specific options will be passed through to the
compiler to allow you to define preprocessor symbols, specify
additional libraries, library directories or other compiler
- options.
+ options. It might be worth noting that some compilers
+ generate code specifically for processor the compiler
+ currently executes on. This is not necessarily what you might
+ have in mind, since it might be unsuitable for execution on
+ other, typically older, processor. Consult your compiler
+ documentation.
Installation in Detail
("openssl"). The libraries will be built in the top-level directory,
and the binary will be in the "apps" subdirectory.
- If the build fails, look at the output. There may be reasons for
- the failure that aren't problems in OpenSSL itself (like missing
- standard headers). If you are having problems you can get help by
- sending an email to the openssl-users email list (see
- https://www.openssl.org/community/mailinglists.html for details). If it
- is a bug with OpenSSL itself, please report the problem to
- <rt@openssl.org> (note that your message will be recorded in the request
- tracker publicly readable at
- https://www.openssl.org/community/index.html#bugs and will be
- forwarded to a public mailing list). Please check out the request
- tracker. Maybe the bug was already reported or has already been
+ If the build fails, look at the output. There may be reasons
+ for the failure that aren't problems in OpenSSL itself (like
+ missing standard headers). If you are having problems you can
+ get help by sending an email to the openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for details). If
+ it is a bug with OpenSSL itself, please open an issue on GitHub, at
+ https://github.com/openssl/openssl/issues. Please review the existing
+ ones first; maybe the bug was already reported or has already been
fixed.
(If you encounter assembler error messages, try the "no-asm"
and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll
and libssl-1_1-ia64.dll for IA64 Windows. With MSVC, the import libraries
are named libcrypto.lib and libssl.lib, while with MingW, they are named
- libcrypto.dll.a and libddl.dll.a.
+ libcrypto.dll.a and libssl.dll.a.
On VMS, shareable images (VMS speak for shared libraries) are named
ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe. However, when