X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=INSTALL;h=1c3f3c3fe92298d740f18014d1196b4dcf02c189;hp=cc8c38aed8c236d42c1a3c748ac0724a2538dcfe;hb=d8ec0dcf457f4dec39f137657b702fcbeaf5cc04;hpb=e452de9d8753d1fc6ba8cd26eb035988ea2635e9 diff --git a/INSTALL b/INSTALL index cc8c38aed8..1c3f3c3fe9 100644 --- a/INSTALL +++ b/INSTALL @@ -2,8 +2,10 @@ INSTALLATION ON THE UNIX PLATFORM --------------------------------- - [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described - in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.] + [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X) + is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS. + This document describes installation on operating systems in the Unix + family.] To install OpenSSL, you will need: @@ -60,7 +62,7 @@ zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically when needed. This is only supported on systems where loading - of shared libraries is supported. + of shared libraries is supported. This is the default choice. no-shared Don't try to create shared libraries. @@ -137,8 +139,11 @@ the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your - message will be forwarded to a public mailing list). Include the - output of "make report" in your message. + message will be recorded in the request tracker publicly readable + via http://www.openssl.org/support/rt2.html and will be forwarded to a + public mailing list). Include the output of "make report" in your message. + Please check out the request tracker. Maybe the bug was already + reported or has already been fixed. [If you encounter assembler error messages, try the "no-asm" configuration option as an immediate fix.] @@ -153,10 +158,11 @@ If a test fails, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like a missing or malfunctioning bc). If it is a problem with OpenSSL itself, - try removing any compiler optimization flags from the CFLAGS line + try removing any compiler optimization flags from the CFLAG line in Makefile.ssl and run "make clean; make". Please send a bug report to , including the output of - "make report". + "make report" in order to be added to the request tracker at + http://www.openssl.org/support/rt2.html. 4. If everything tests ok, install OpenSSL with @@ -290,3 +296,37 @@ targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. + + Note on support for multiple builds + ----------------------------------- + + OpenSSL is usually built in it's source tree. Unfortunately, this doesn't + support building for multiple platforms from the same source tree very well. + It is however possible to build in a separate tree through the use of lots + of symbolic links, which should be prepared like this: + + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F + done + make -f Makefile.org clean + + OPENSSL_SOURCE is an environment variable that contains the absolute (this + is important!) path to the OpenSSL source tree. + + Also, operations like 'make update' should still be made in the source tree.