--------------------
This document describes installation on all supported operating
- systems (the Linux/Unix family, OpenVMS and Windows)
+ systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS,
+ and Windows).
To install OpenSSL, you will need:
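Review bot: "Mac OS/X" in the added lines is not how the platform name is written; use "Mac OS X" or "macOS". The nested parentheses in "(the Unix/Linux family (which includes Mac OS/X), OpenVMS, and Windows)" are also hard to read. Consider a flat form such as "(the Unix/Linux family, including macOS; OpenVMS; and Windows)".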
If you want to just get on with it, do:
- on Unix:
+ on Unix (again, this includes Mac OS/X):
$ ./config
$ make
put together one-size-fits-all instructions. You might
have to pass more flags or set up environment variables
to actually make it work. Android and iOS cases are
- discussed in corresponding Configurations/10-main.cf
- sections. But there are cases when this option alone is
+ discussed in corresponding Configurations/15-*.conf
+ files. But there are cases when this option alone is
sufficient. For example to build the mingw64 target on
Linux "--cross-compile-prefix=x86_64-w64-mingw32-"
works. Naturally provided that mingw packages are
"--cross-compile-prefix=mipsel-linux-gnu-" suffices
in such case. Needless to mention that you have to
invoke ./Configure, not ./config, and pass your target
- name explicitly.
+ name explicitly. Also, note that --openssldir refers
+ to target's file system, not one you are building on.
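Review bot: The added remark about --openssldir sits at the end of the --cross-compile-prefix description, so a reader who looks up --openssldir itself will not see it unless that option's own description carries the same remark. It also names only --openssldir; if other installation path options are interpreted relative to the target as well, say so here. The wording is missing articles: "refers to the target's file system, not the one you are building on".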
--debug
- Build OpenSSL with debugging symbols.
+ Build OpenSSL with debugging symbols and zero optimization
+ level.
--libdir=DIR
The name of the directory under the top of the installation
os: Use a trusted operating system entropy source.
This is the default method if such an entropy
source exists.
- getrandom: Use the L<getrandom(2)> system call if available.
+ getrandom: Use the L<getrandom(2)> or equivalent system
+ call.
devrandom: Use the the first device from the DEVRANDOM list
which can be opened to read random bytes. The
DEVRANDOM preprocessor constant expands to
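Review bot: "or equivalent system call" in the getrandom entry does not say which calls count as equivalent, and with the "if available" qualifier removed the text no longer says what the build does on a platform that has none. For a seed-source option this matters: name the equivalents or point to where they are listed, and state the behaviour when no such call exists. The unchanged devrandom line just below has a doubled "the the" that could be fixed in the same patch.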
no-shared option.
no-asm
- Do not use assembler code. On some platforms a small amount
- of assembler code may still be used.
+ Do not use assembler code. This should be viewed as
+ debugging/trouble-shooting option rather than production.
+ On some platforms a small amount of assembler code may
+ still be used even with this option.
no-async
Do not build support for async operations.
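Review bot: The new no-asm sentence "This should be viewed as debugging/trouble-shooting option rather than production." is missing an article and gives no reason for the advice. Suggest "This should be viewed as a debugging/trouble-shooting option rather than one for production builds", followed by a clause on what is lost without the assembler code so that users can judge the trade-off.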
error strings. For a statically linked application this may
be undesirable if small executable size is an objective.
+ no-autoload-config
+ Don't automatically load the default openssl.cnf file.
+ Typically OpenSSL will automatically load a system config
+ file which configures default ssl options.
no-capieng
Don't build the CAPI engine. This option will be forced if
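Review bot: The no-autoload-config text describes the default behaviour but not the consequence of setting the option. It does not say how an application loads a configuration file once automatic loading is off, or what happens to settings in the system openssl.cnf for applications that do not load it themselves. Add a sentence covering both, since the "default ssl options" mentioned here may be settings an administrator relies on.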
enable-ec_nistp_64_gcc_128
Enable support for optimised implementations of some commonly
- used NIST elliptic curves. This is only supported on some
- platforms.
+ used NIST elliptic curves.
+ This is only supported on platforms:
+ - with little-endian storage of non-byte types
+ - that tolerate misaligned memory references
+ - where the compiler:
+ - supports the non-standard type __uint128_t
+ - defines the built-in macro __SIZEOF_INT128__
enable-egd
Build support for gathering entropy from EGD (Entropy
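Review bot: The compiler sub-list under enable-ec_nistp_64_gcc_128 does not say whether __uint128_t support and the __SIZEOF_INT128__ macro are both required or whether either is enough, and "This is only supported on platforms:" does not parse on its own. Suggest "This is only supported on platforms that meet all of the following:" and add what Configure does when the option is given on a platform that fails one of the conditions.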
require additional system-dependent options! See "Note on
multi-threading" below.
- enable-tls13downgrade
- TODO(TLS1.3): Make this enabled by default and remove the
- option when TLSv1.3 is out of draft
- TLSv1.3 offers a downgrade protection mechanism. This is
- implemented but disabled by default. It should not typically
- be enabled except for testing purposes. Otherwise this could
- cause problems if a pre-RFC version of OpenSSL talks to an
- RFC implementation (it will erroneously be detected as a
- downgrade).
-
no-ts
Don't build Time Stamping Authority support.
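Review bot: Removing the enable-tls13downgrade entry leaves the document silent on the TLSv1.3 downgrade protection that the deleted text described as "implemented but disabled by default". The hunk does not show whether the mechanism is now always on or whether the option still exists undocumented. State which in the commit message or a CHANGES entry, and if Configure still accepts the option, keep a line here marking it as removed or deprecated.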
Build without support for the specified algorithm, where
<alg> is one of: aria, bf, blake2, camellia, cast, chacha,
cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb,
- poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm3, sm4
- or whirlpool. The "ripemd" algorithm is deprecated and if
- used is synonymous with rmd160.
+ poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm2, sm3,
+ sm4 or whirlpool. The "ripemd" algorithm is deprecated and
+ if used is synonymous with rmd160.
-Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
These system specific options will be recognised and