X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=INSTALL;h=0bddf761a187dc0c1a2b16e794456accac81bab4;hp=605f1d4cdb73b78623830d21366889e4fdf504f6;hb=b6db6612d12460d3787b6cf94777e309ea75d058;hpb=5d2f3e4a6c3e62677cdf3b33d8b9b08ff7d52dc7 diff --git a/INSTALL b/INSTALL index 605f1d4cdb..0bddf761a1 100644 --- a/INSTALL +++ b/INSTALL @@ -99,6 +99,9 @@ $ nmake test $ nmake install + Note that in order to perform the install step above you need to have + appropriate permissions to write to the installation directory. + If any of these steps fails, see section Installation in Detail below. This will build and install OpenSSL in the default location, which is: @@ -108,6 +111,12 @@ OpenSSL version number with underscores instead of periods. Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL + The installation directory should be appropriately protected to ensure + unprivileged users cannot make changes to OpenSSL binaries or files, or install + engines. If you already have a pre-installed version of OpenSSL as part of + your Operating System it is recommended that you do not overwrite the system + version and instead install to somewhere else. + If you want to install it anywhere else, run config like this: On Unix: @@ -132,11 +141,20 @@ --openssldir depend in what configuration is used and what Windows implementation OpenSSL is built on. More notes on this in NOTES.WIN): - --api=x.y.z - Don't build with support for deprecated APIs below the - specified version number. For example "--api=1.1.0" will - remove support for all APIS that were deprecated in OpenSSL - version 1.1.0 or below. + --api=x.y[.z] + Build the OpenSSL libraries to support the API for + the specified version. If "no-deprecated" is also + given, don't build with support for deprecated APIs + in or below the specified version number. For example + "--api=1.1.0" with "no-deprecated" will remove + support for all APIS that were deprecated in + OpenSSL version 1.1.0 or below. + This is a rather specialized option for developers. + If you just intend to remove all deprecated APIs + entirely (up to the current version), only specify + "-no-deprecated" (see below). + If "--api" isn't given, it defaults to the current + OpenSSL minor version. --cross-compile-prefix=PREFIX The PREFIX to include in front of commands for your @@ -230,7 +248,7 @@ source exists. getrandom: Use the L or equivalent system call. - devrandom: Use the the first device from the DEVRANDOM list + devrandom: Use the first device from the DEVRANDOM list which can be opened to read random bytes. The DEVRANDOM preprocessor constant expands to "/dev/urandom","/dev/random","/dev/srandom" on @@ -314,6 +332,9 @@ Don't build the CAPI engine. This option will be forced if on a platform that does not support CAPI. + no-cmp + Don't build support for CMP features + no-cms Don't build support for CMS features @@ -341,14 +362,18 @@ Don't build support for Certificate Transparency. no-deprecated - Don't build with support for any deprecated APIs. This is the - same as using "--api" and supplying the latest version - number. + Don't build with support for deprecated APIs up + until and including the version given with + "--api" (or the current version of "--api" wasn't + given). no-dgram Don't build support for datagram based BIOs. Selecting this option will also force the disabling of DTLS. + no-dso + Don't build support for loading Dynamic Shared Objects. + enable-devcryptoeng Build the /dev/crypto engine. It is automatically selected on BSD implementations, in which case it can be disabled with @@ -555,6 +580,9 @@ Enable additional unit test APIs. This should not typically be used in production deployments. + no-uplink + Don't build support for UPLINK interface. + enable-weak-ssl-ciphers Build support for SSL/TLS ciphers that are considered "weak" (e.g. RC4 based ciphersuites). @@ -620,10 +648,19 @@ Take note of the VAR=value documentation below and how these flags interact with those variables. - -xxx, +xxx + -xxx, +xxx, /xxx Additional options that are not otherwise recognised are - passed through as they are to the compiler as well. Again, - consult your compiler documentation. + passed through as they are to the compiler as well. + Unix-style options beginning with a '-' or '+' and + Windows-style options beginning with a '/' are recognized. + Again, consult your compiler documentation. + + If the option contains arguments separated by spaces, + then the URL-style notation %20 can be used for the space + character in order to avoid having to quote the option. + For example, -opt%20arg gets expanded to -opt arg. + In fact, any ASCII character can be encoded as %xx using its + hexadecimal encoding. Take note of the VAR=value documentation below and how these flags interact with those variables. @@ -893,11 +930,17 @@ malfunction with Perl). You may want increased verbosity, that can be accomplished like this: - $ make VERBOSE=1 test # Unix + Verbosity on failure only (make macro VERBOSE_FAILURE or VF): + + $ make VF=1 test # Unix + $ mms /macro=(VF=1) test ! OpenVMS + $ nmake VF=1 test # Windows - $ mms /macro=(VERBOSE=1) test ! OpenVMS + Full verbosity (make macro VERBOSE or V): - $ nmake VERBOSE=1 test # Windows + $ make V=1 test # Unix + $ mms /macro=(V=1) test ! OpenVMS + $ nmake V=1 test # Windows If you want to run just one or a few specific tests, you can use the make variable TESTS to specify them, like this: @@ -908,7 +951,7 @@ And of course, you can combine (Unix example shown): - $ make VERBOSE=1 TESTS='test_rsa test_dsa' test + $ make VF=1 TESTS='test_rsa test_dsa' test You can find the list of available tests like this: @@ -935,8 +978,11 @@ $ mms install ! OpenVMS $ nmake install # Windows - This will install all the software components in this directory - tree under PREFIX (the directory given with --prefix or its + Note that in order to perform the install step above you need to have + appropriate permissions to write to the installation directory. + + The above commands will install all the software components in this + directory tree under PREFIX (the directory given with --prefix or its default): Unix: @@ -992,6 +1038,12 @@ for private key files. misc Various scripts. + The installation directory should be appropriately protected to ensure + unprivileged users cannot make changes to OpenSSL binaries or files, or + install engines. If you already have a pre-installed version of OpenSSL as + part of your Operating System it is recommended that you do not overwrite + the system version and instead install to somewhere else. + Package builders who want to configure the library for standard locations, but have the package installed somewhere else so that it can easily be packaged, can use