X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=INSTALL;h=d576548c89388d5ab028cb28df65ff163bfc9df2;hp=605f1d4cdb73b78623830d21366889e4fdf504f6;hb=15de965ff04ccecb068f3ce6c643555dce9372c6;hpb=5d2f3e4a6c3e62677cdf3b33d8b9b08ff7d52dc7 diff --git a/INSTALL b/INSTALL index 605f1d4cdb..d576548c89 100644 --- a/INSTALL +++ b/INSTALL @@ -99,6 +99,9 @@ $ nmake test $ nmake install + Note that in order to perform the install step above you need to have + appropriate permissions to write to the installation directory. + If any of these steps fails, see section Installation in Detail below. This will build and install OpenSSL in the default location, which is: @@ -108,6 +111,12 @@ OpenSSL version number with underscores instead of periods. Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL + The installation directory should be appropriately protected to ensure + unprivileged users cannot make changes to OpenSSL binaries or files, or install + engines. If you already have a pre-installed version of OpenSSL as part of + your Operating System it is recommended that you do not overwrite the system + version and instead install to somewhere else. + If you want to install it anywhere else, run config like this: On Unix: @@ -136,7 +145,10 @@ Don't build with support for deprecated APIs below the specified version number. For example "--api=1.1.0" will remove support for all APIS that were deprecated in OpenSSL - version 1.1.0 or below. + version 1.1.0 or below. This is a rather specialized option + for developers. If you just intend to remove all deprecated + APIs entirely (up to the current version), it is easier + to add the 'no-deprecated' option instead (see below). --cross-compile-prefix=PREFIX The PREFIX to include in front of commands for your @@ -230,7 +242,7 @@ source exists. getrandom: Use the L or equivalent system call. - devrandom: Use the the first device from the DEVRANDOM list + devrandom: Use the first device from the DEVRANDOM list which can be opened to read random bytes. The DEVRANDOM preprocessor constant expands to "/dev/urandom","/dev/random","/dev/srandom" on @@ -314,6 +326,9 @@ Don't build the CAPI engine. This option will be forced if on a platform that does not support CAPI. + no-cmp + Don't build support for CMP features + no-cms Don't build support for CMS features @@ -349,6 +364,9 @@ Don't build support for datagram based BIOs. Selecting this option will also force the disabling of DTLS. + no-dso + Don't build support for loading Dynamic Shared Objects. + enable-devcryptoeng Build the /dev/crypto engine. It is automatically selected on BSD implementations, in which case it can be disabled with @@ -555,6 +573,9 @@ Enable additional unit test APIs. This should not typically be used in production deployments. + no-uplink + Don't build support for UPLINK interface. + enable-weak-ssl-ciphers Build support for SSL/TLS ciphers that are considered "weak" (e.g. RC4 based ciphersuites). @@ -893,11 +914,17 @@ malfunction with Perl). You may want increased verbosity, that can be accomplished like this: - $ make VERBOSE=1 test # Unix + Verbosity on failure only (make macro VERBOSE_FAILURE or VF): + + $ make VF=1 test # Unix + $ mms /macro=(VF=1) test ! OpenVMS + $ nmake VF=1 test # Windows - $ mms /macro=(VERBOSE=1) test ! OpenVMS + Full verbosity (make macro VERBOSE or V): - $ nmake VERBOSE=1 test # Windows + $ make V=1 test # Unix + $ mms /macro=(V=1) test ! OpenVMS + $ nmake V=1 test # Windows If you want to run just one or a few specific tests, you can use the make variable TESTS to specify them, like this: @@ -908,7 +935,7 @@ And of course, you can combine (Unix example shown): - $ make VERBOSE=1 TESTS='test_rsa test_dsa' test + $ make VF=1 TESTS='test_rsa test_dsa' test You can find the list of available tests like this: @@ -935,8 +962,11 @@ $ mms install ! OpenVMS $ nmake install # Windows - This will install all the software components in this directory - tree under PREFIX (the directory given with --prefix or its + Note that in order to perform the install step above you need to have + appropriate permissions to write to the installation directory. + + The above commands will install all the software components in this + directory tree under PREFIX (the directory given with --prefix or its default): Unix: @@ -992,6 +1022,12 @@ for private key files. misc Various scripts. + The installation directory should be appropriately protected to ensure + unprivileged users cannot make changes to OpenSSL binaries or files, or + install engines. If you already have a pre-installed version of OpenSSL as + part of your Operating System it is recommended that you do not overwrite + the system version and instead install to somewhere else. + Package builders who want to configure the library for standard locations, but have the package installed somewhere else so that it can easily be packaged, can use