* NOTES.WIN (any supported Windows)
* NOTES.DJGPP (DOS platform with DJGPP)
* NOTES.ANDROID (obviously Android [NDK])
+ * NOTES.VALGRIND (testing with Valgrind)
Notational conventions in this document
---------------------------------------
$ nmake test
$ nmake install
+ Note that in order to perform the install step above you need to have
+ appropriate permissions to write to the installation directory.
+
If any of these steps fails, see section Installation in Detail below.
This will build and install OpenSSL in the default location, which is:
OpenSSL version number with underscores instead of periods.
Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
+ The installation directory should be appropriately protected to ensure
+ unprivileged users cannot make changes to OpenSSL binaries or files, or install
+ engines. If you already have a pre-installed version of OpenSSL as part of
+ your Operating System it is recommended that you do not overwrite the system
+ version and instead install to somewhere else.
+
If you want to install it anywhere else, run config like this:
On Unix:
Don't build with support for deprecated APIs below the
specified version number. For example "--api=1.1.0" will
remove support for all APIS that were deprecated in OpenSSL
- version 1.1.0 or below.
+ version 1.1.0 or below. This is a rather specialized option
+ for developers. If you just intend to remove all deprecated
+ APIs entirely (up to the current version), it is easier
+ to add the 'no-deprecated' option instead (see below).
--cross-compile-prefix=PREFIX
The PREFIX to include in front of commands for your
source exists.
getrandom: Use the L<getrandom(2)> or equivalent system
call.
- devrandom: Use the the first device from the DEVRANDOM list
+ devrandom: Use the first device from the DEVRANDOM list
which can be opened to read random bytes. The
DEVRANDOM preprocessor constant expands to
"/dev/urandom","/dev/random","/dev/srandom" on
Don't build the CAPI engine. This option will be forced if
on a platform that does not support CAPI.
+ no-cmp
+ Don't build support for CMP features
+
no-cms
Don't build support for CMS features
Don't build support for datagram based BIOs. Selecting this
option will also force the disabling of DTLS.
+ no-dso
+ Don't build support for loading Dynamic Shared Objects.
+
enable-devcryptoeng
Build the /dev/crypto engine. It is automatically selected
on BSD implementations, in which case it can be disabled with
available if the GOST algorithms are also available through
loading an externally supplied engine.
+ no-legacy
+ Don't build the legacy provider. Disabling this also disables
+ the legacy algorithms: MD2 (already disabled by default).
+
no-makedepend
Don't generate dependencies.
Enable additional unit test APIs. This should not typically
be used in production deployments.
+ no-uplink
+ Don't build support for UPLINK interface.
+
enable-weak-ssl-ciphers
Build support for SSL/TLS ciphers that are considered "weak"
(e.g. RC4 based ciphersuites).
Take note of the VAR=value documentation below and how
these flags interact with those variables.
- -xxx, +xxx
+ -xxx, +xxx, /xxx
Additional options that are not otherwise recognised are
- passed through as they are to the compiler as well. Again,
- consult your compiler documentation.
+ passed through as they are to the compiler as well.
+ Unix-style options beginning with a '-' or '+' and
+ Windows-style options beginning with a '/' are recognized.
+ Again, consult your compiler documentation.
+
+ If the option contains arguments separated by spaces,
+ then the URL-style notation %20 can be used for the space
+ character in order to avoid having to quote the option.
+ For example, -opt%20arg gets expanded to -opt arg.
+ In fact, any ASCII character can be encoded as %xx using its
+ hexadecimal encoding.
Take note of the VAR=value documentation below and how
these flags interact with those variables.
malfunction with Perl). You may want increased verbosity, that
can be accomplished like this:
- $ make VERBOSE=1 test # Unix
+ Verbosity on failure only (make macro VERBOSE_FAILURE or VF):
- $ mms /macro=(VERBOSE=1) test ! OpenVMS
+ $ make VF=1 test # Unix
+ $ mms /macro=(VF=1) test ! OpenVMS
+ $ nmake VF=1 test # Windows
- $ nmake VERBOSE=1 test # Windows
+ Full verbosity (make macro VERBOSE or V):
+
+ $ make V=1 test # Unix
+ $ mms /macro=(V=1) test ! OpenVMS
+ $ nmake V=1 test # Windows
If you want to run just one or a few specific tests, you can use
the make variable TESTS to specify them, like this:
And of course, you can combine (Unix example shown):
- $ make VERBOSE=1 TESTS='test_rsa test_dsa' test
+ $ make VF=1 TESTS='test_rsa test_dsa' test
You can find the list of available tests like this:
$ mms install ! OpenVMS
$ nmake install # Windows
- This will install all the software components in this directory
- tree under PREFIX (the directory given with --prefix or its
+ Note that in order to perform the install step above you need to have
+ appropriate permissions to write to the installation directory.
+
+ The above commands will install all the software components in this
+ directory tree under PREFIX (the directory given with --prefix or its
default):
Unix:
for private key files.
misc Various scripts.
+ The installation directory should be appropriately protected to ensure
+ unprivileged users cannot make changes to OpenSSL binaries or files, or
+ install engines. If you already have a pre-installed version of OpenSSL as
+ part of your Operating System it is recommended that you do not overwrite
+ the system version and instead install to somewhere else.
+
Package builders who want to configure the library for standard
locations, but have the package installed somewhere else so that
it can easily be packaged, can use
$ make TESTS='[89]? -90'
+To stochastically verify that the algorithm that produces uniformly distributed
+random numbers is operating correctly (with a false positive rate of 0.01%):
+
+ $ ./util/shlib_wrap.sh test/bntest -stochastic
+
Note on multi-threading
-----------------------
projects / openssl.git / blobdiff