likely to complement configuration command line with
suitable compiler-specific option.
- enable-tls1_3
- TODO(TLS1.3): Make this enabled by default
- Build support for TLS1.3. Note: This is a WIP feature and
- only a single draft version is supported. Implementations
- of different draft versions will negotiate TLS 1.2 instead
- of (draft) TLS 1.3. Use with caution!!
-
no-<prot>
Don't build support for negotiating the specified SSL/TLS
- protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
- dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
- tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
- disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
- with "no-ssl3". Note this only affects version negotiation.
- OpenSSL will still provide the methods for applications to
- explicitly select the individual protocol versions.
+ protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
+ tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then
+ all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
+ Similarly "no-dtls" will disable dtls1 and dtls1_2. The
+ "no-ssl" option is synonymous with "no-ssl3". Note this only
+ affects version negotiation. OpenSSL will still provide the
+ methods for applications to explicitly select the individual
+ protocol versions.
no-<prot>-method
As for no-<prot> but in addition do not build the methods for
applications to explicitly select individual protocol
- versions.
+ versions. Note that there is no "no-tls1_3-method" option
+ because there is no application method for TLSv1.3. Using
+ individual protocol methods directly is deprecated.
+ Applications should use TLS_method() instead.
enable-<alg>
Build with support for the specified algorithm, where <alg>
no-<alg>
Build without support for the specified algorithm, where
- <alg> is one of: bf, blake2, camellia, cast, chacha, cmac,
- des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
- rc2, rc4, rmd160, scrypt, seed, siphash, sm3, sm4 or
- whirlpool. The "ripemd" algorithm is deprecated and if used
- is synonymous with rmd160.
+ <alg> is one of: aria, bf, blake2, camellia, cast, chacha,
+ cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb,
+ poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm3, sm4
+ or whirlpool. The "ripemd" algorithm is deprecated and if
+ used is synonymous with rmd160.
-Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
These system specific options will be recognised and
RCFLAGS Flags for the Windows reources manipulator.
RM The command to remove files and directories.
- These can be mixed with flags given on the command line.
- Any variable assignment resets any corresponding flags
- given before it, so for example:
+ These cannot be mixed with compiling / linking flags given
+ on the command line. In other words, something like this
+ isn't permitted.
./config -DFOO CPPFLAGS=-DBAR -DCOOKIE
- Will end up having 'CPPFLAGS=-DBAR -DCOOKIE'.
-
- Here is how the flags documented above are collected as
- augmentation of these variables:
-
- -Dxxx xxx is collected in CPPDEFINES
- -Ixxx xxx is collected in CPPINCLUDES
- -Wp,xxx collected in CPPFLAGS
- -Lxxx collected in LDFLAGS
- -lxxx collected in LDLIBS
- -Wp,xxx collected in LDLIBS
- -rpath xxx collected in LDLIBS
- -R xxx collected in LDLIBS
- -framework xxx collected in LDLIBS
- -static collected in LDLIBS
- -xxx collected in CFLAGS
- +xxx collected in CFLAGS
-
reconf
reconfigure
Reconfigure from earlier data. This fetches the previous
precedence over environment variables that are defined
when reconfiguring.
+ Displaying configuration data
+ -----------------------------
+
+ The configuration script itself will say very little, and finishes by
+ creating "configdata.pm". This perl module can be loaded by other scripts
+ to find all the configuration data, and it can also be used as a script to
+ display all sorts of configuration data in a human readable form.
+
+ For more information, please do:
+
+ $ ./configdata.pm --help # Unix
+
+ or
+
+ $ perl configdata.pm --help # Windows and VMS
+
Installation in Detail
----------------------
("openssl"). The libraries will be built in the top-level directory,
and the binary will be in the "apps" subdirectory.
+ Troubleshooting:
+
If the build fails, look at the output. There may be reasons
for the failure that aren't problems in OpenSSL itself (like
- missing standard headers). If you are having problems you can
- get help by sending an email to the openssl-users email list (see
+ missing standard headers).
+
+ If the build succeeded previously, but fails after a source or
+ configuration change, it might be helpful to clean the build tree
+ before attempting another build. Use this command:
+
+ $ make clean # Unix
+ $ mms clean ! (or mmk) OpenVMS
+ $ nmake clean # Windows
+
+ Assembler error messages can sometimes be sidestepped by using the
+ "no-asm" configuration option.
+
+ Compiling parts of OpenSSL with gcc and others with the system
+ compiler will result in unresolved symbols on some systems.
+
+ If you are still having problems you can get help by sending an email
+ to the openssl-users email list (see
https://www.openssl.org/community/mailinglists.html for details). If
it is a bug with OpenSSL itself, please open an issue on GitHub, at
https://github.com/openssl/openssl/issues. Please review the existing
ones first; maybe the bug was already reported or has already been
fixed.
- (If you encounter assembler error messages, try the "no-asm"
- configuration option as an immediate fix.)
-
- Compiling parts of OpenSSL with gcc and others with the system
- compiler will result in unresolved symbols on some systems.
-
3. After a successful build, the libraries should be tested. Run:
$ make test # Unix
uninstall
Uninstall all OpenSSL components.
+ reconfigure
+ reconf
+ Re-run the configuration process, as exactly as the last time
+ as possible.
+
update
This is a developer option. If you are developing a patch for
OpenSSL you may need to use this if you want to update
projects / openssl.git / blobdiff