-Installing OpenSSL on Unix
---------------------------
-[For instructions for compiling OpenSSL on Windows systems, see
-INSTALL.W32].
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------
-To install OpenSSL, you will need:
+ [For instructions for compiling OpenSSL on Windows systems, see INSTALL.W32].
- * Perl
- * C compiler
- * A supported operating system
+ To install OpenSSL, you will need:
-Quick Start
------------
+ * Perl 5
+ * an ANSI C compiler
+ * a supported Unix operating system
-If you want to just get on with it, do:
+ Quick Start
+ -----------
- sh config [if this fails, go to step 1b below]
- make -f Makefile.ssl links
- make
- make rehash
- make test
- make install
+ If you want to just get on with it, do:
-This will build and install OpenSSL in the default location, which is
-/usr/local/ssl. If you want to install it anywhere else, do this
-after running ./Configure <system>:
+ $ ./config [if this fails, go to step 1b below]
+ $ make
+ $ make test
+ $ make install
- perl util/ssldir.pl /new/install/path
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ run config like this:
-If anything goes wrong, follow the detailed instructions below. If
-your operating system is not (yet) supported by OpenSSL, see the
-section on porting to a new system.
+ $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
-Installation in Detail
-----------------------
+ There are several options to ./config to customize the build:
- 1a. Configure OpenSSL for your operation system automatically
+ --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include. Configuration
+ files used by OpenSSL will be in DIR/ssl or the directory
+ specified by --openssldir.
- Run
+ --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+ the library files and binaries are also installed there.
- sh config
+ rsaref Build with RSADSI's RSAREF toolkit.
- This guesses at your operating system (and compiler, if
- necessary) and configures OpenSSL based on this guess. Check the
- first line of output to see if it guessed correctly. If it did
- not get it correct or you want to use a different compiler then
- go to step 1b. Otherwise go to step 2.
+ no-asm Build with no assembler code.
- 1b. Configure OpenSSL for your operating system manually
+ 386 Use the 80386 instruction set only (the default x86 code is
+ more efficient, but requires at least a 486).
+
+ If anything goes wrong, follow the detailed instructions below. If your
+ operating system is not (yet) supported by OpenSSL, see the section on
+ porting to a new system.
+
+ Installation in Detail
+ ----------------------
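Review bot: the new Quick Start goes straight from `make` to `make test` and no longer lists `make rehash`, yet the text being removed further down says the rehash step makes the test certificates in "certs" accessible via a hash name and is required for some of the tests. If the test target now does this itself, say so in step 3; otherwise keep the step in both the Quick Start and the detailed list. The same question applies to the dropped `make -f Makefile.ssl links` line, which disappears without a replacement or explanation.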
- OpenSSL knows about a range of different operating system, hardware
- and compiler combinations. To see the ones it knows about, run
+ 1a. Configure OpenSSL for your operation system automatically:
- ./Configure
+ $ ./config
- Pick a suitable name from the list that matches your system. For
- most operating systems there is a choice between using "cc" or
- "gcc".
+ This guesses at your operating system (and compiler, if necessary) and
+ configures OpenSSL based on this guess. Run ./config -t -v to see
+ if it guessed correctly. If it did not get it correct or you want to
+ use a different compiler then go to step 1b. Otherwise go to step 2.
+
+ 1b. Configure OpenSSL for your operating system manually
- When you have identified your system (and if necessary compiler)
- use this name as the argument to ./Configure. For example, a
- "linux-elf" user would run:
+ OpenSSL knows about a range of different operating system, hardware and
+ compiler combinations. To see the ones it knows about, run
- ./Configure linux-elf
+ $ ./Configure
+
+ Pick a suitable name from the list that matches your system. For most
+ operating systems there is a choice between using "cc" or "gcc". When
+ you have identified your system (and if necessary compiler) use this name
+ as the argument to ./Configure. For example, a "linux-elf" user would
+ run:
+
+ $ ./Configure linux-elf [--prefix=DIR] [--openssldir=OPENSSLDIR]
If your system is not available, you will have to edit the Configure
- program and add the correct configuration for your system.
+ program and add the correct configuration for your system. The
+ generic configurations "cc" or "gcc" should usually work.
+
+ Configure creates the Makefile.ssl from Makefile.org and defines
+ various macros in crypto/opensslconf.h (generated from
+ crypto/opensslconf.h.in).
+
+ 2. Build OpenSSL by running:
+
+ $ make
+
+ This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+ OpenSSL binary ("openssl"). The libraries will be built in the top-level
+ directory, and the binary will be in the "apps" directory.
+
+ 3. After a successful build, the libraries should be tested. Run:
+
+ $ make test
+
+ 4. If everything tests ok, install OpenSSL with
+
+ $ make install
+
+ This will create the installation directory (if it does not exist) and
+ then create the following subdirectories:
+
+ certs Initially empty, this is the default location
+ for certificate files.
+ private Initially empty, this is the default location
+ for private key files.
+ lib Contains the OpenSSL configuration file "openssl.cnf".
+
+ If you didn't chose a different installation prefix, lib also contains
+ the library files themselves, and the following additional subdirectories
+ will be created:
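Review bot: step 1a tells the reader to run `./config -t -v` to check the guess, but neither flag appears in the option list added under Quick Start; add a line for each saying what it does and whether it only reports the guess or also configures the tree. The directory table lists "private" as the default location for private key files without saying what permissions `make install` creates it with, which is worth stating here. Wording: "operation system" in the 1a heading should read "operating system" as in 1b, "a range of different operating system" needs the plural, and "If you didn't chose" should be "choose".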
- Configure configures various files by converting an existing .org
- file into the real file. If you edit any files, remember that if
- a corresponding .org file exists them the next time you run
- ./Configure your changes will be lost when the file gets
- re-created from the .org file. The files that are created from
- .org files are:
+ bin Contains the openssl binary and a few other
+ utility programs.
+ include/openssl Contains the header files needed if you want to
+ compile programs with libcrypto or libssl.
- Makefile.ssl
- crypto/des/des.h
- crypto/des/des_locl.h
- crypto/md2/md2.h
- crypto/rc4/rc4.h
- crypto/rc4/rc4_enc.c
- crypto/rc2/rc2.h
- crypto/bf/bf_locl.h
- crypto/idea/idea.h
- crypto/bn/bn.h
+ NOTE: The header files used to reside directly in the include
+ directory, but have now been moved to include/openssl so that
+ OpenSSL can co-exist with other libraries which use some of the
+ same filenames. This means that applications that use OpenSSL
+ should now use C preprocessor directives of the form
- 2. Set the install directory
+ #include <openssl/ssl.h>
- If the install directory will be the default of /usr/local/ssl,
- skip to the next stage. Otherwise, run
+ instead of "#include <ssl.h>", which was used with library versions
+ up to OpenSSL 0.9.2b.
- perl util/ssldir.pl /new/install/path
+ If you install a new version of OpenSSL over an old library version,
+ you should delete the old header files in the include directory.
- This configures the installation location into the "install"
- target of the top-level Makefile, and also updates some defines
- in an include file so that the default certificate directory is
- under the proper installation directory. It also updates a few
- utility files used in the build process.
+ Compatibility issues:
- 3. Build OpenSSL
+ * COMPILING existing applications
- Now run
+ To compile an application that uses old filenames -- e.g.
+ "#include <ssl.h>" --, it will usually be enough to find
+ the CFLAGS definition in the application's Makefile and
+ add a C option such as
- make
+ -I/usr/local/ssl/include/openssl
- This will build the OpenSSL libraries (libcrypto.a and libssl.a)
- and the OpenSSL binary ("openssl"). The libraries will be built
- in the top-level directory, and the binary will be in the "apps"
- directory.
+ to it.
- 4. After a successful build, the libraries should be tested. Run
+ But don't delete the existing -I option that points to
+ the ..../include directory! Otherwise, OpenSSL header files
+ could not #include each other.
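Review bot: in the paragraph after the NOTE, "delete the old header files in the include directory" does not say that only the files lying directly in include are meant; since the new headers now live in include/openssl, spell out that this subdirectory must be left in place. It would also help to say why the cleanup matters: the compatibility advice below keeps an -I option pointing at the include directory, so stale top-level headers from the old version can still be picked up by applications that use `#include <ssl.h>`.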
- make rehash
- make test
+ * WRITING applications
- (The first line makes the test certificates in the "certs"
- directory accessable via an hash name, which is required for some
- of the tests).
+ To write an application that is able to handle both the new
+ and the old directory layout, so that it can still be compiled
+ with library versions up to OpenSSL 0.9.2b without bothering
+ the user, you can proceed as follows:
- 5. If everything tests ok, install OpenSSL with
+ - Always use the new filename of OpenSSL header files,
+ e.g. #include <openssl/ssl.h>.
- make install
+ - Create a directory "incl" that contains only a symbolic
+ link named "openssl", which points to the "include" directory
+ of OpenSSL.
+ For example, your application's Makefile might contain the
+ following rule, if OPENSSLDIR is a pathname (absolute or
+ relative) of the directory where OpenSSL resides:
- This will create the installation directory (if it does not
- exist) and then create the following subdirectories:
+ incl/openssl:
+ -mkdir incl
+ cd $(OPENSSLDIR) # Check whether the directory really exists
+ -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
- bin Contains the openssl binary and a few other utility
- programs. It also contains symbolic links so
- that openssl commands can be accessed directly
- (e.g. so that "s_client" can be used instead of
- "openssl s_client").
- certs Initially empty, this is the default location
- for certificate files.
- include Contains the header files needed if you want to
- compile programs with libcrypto or libssl.
- lib Contains the library files themselves and the
- OpenSSL configuration file "openssl.cnf".
- private Initially empty, this is the default location
- for private key files.
+ You will have to add "incl/openssl" to the dependencies
+ of those C files that include some OpenSSL header file.
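Review bot: in the incl/openssl rule, the `-` prefix on both `mkdir incl` and `ln -s` means that if the directory cannot be created the link also fails, both errors are ignored, and the problem only surfaces later as missing headers at compile time. Keep the `-` on mkdir (so an existing incl is tolerated) but drop it on the `ln -s` line, or test for the link afterwards. The `$(OPENSSLDIR)` expansion is also unquoted in the `cd` and inside the backticks, so a path containing spaces breaks the rule; quoting it costs nothing.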
-----------------------------------------------------------------------
+ - Add "-Iincl" to your CFLAGS.
-Additional Compilation Notes
-----------------------------
+ With these additions, the OpenSSL header files will be available
+ under both name variants if an old library version is used:
+ Your application can reach them under names like <openssl/foo.h>,
+ while the header files still are able to #include each other
+ with names of the form <foo.h>.
-These notes come from SSLeay 0.9.1 and cover some more advanced
-facilities (such as building a single makefile for use on Windows
-systems).
-# Installation of SSLeay.
-# It depends on perl for a few bits but those steps can be skipped and
-# the top level makefile edited by hand
+--------------------------------------------------------------------------------
+The orignal Unix build instructions from SSLeay follow.
+Note: some of this may be out of date and no longer applicable
+--------------------------------------------------------------------------------
# When bringing the SSLeay distribution back from the evil intel world
# of Windows NT, do the following to make it nice again under unix :-)
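Review bot: "orignal" in the new separator text should be "original". The note "some of this may be out of date and no longer applicable" leaves the reader to guess which of the SSLeay steps that follow still apply; either name the parts superseded by the ./config procedure above or trim them, so nobody follows the old steps after the new ones.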