X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=INSTALL;h=3c8548dd3b89104015d654f307d3fad11efead97;hp=064b2f8b000ac704758e05b2191be07da4fa3aff;hb=014cc4b27a7f8ed0cf23a3c9d1fdbf44e41b7993;hpb=0a8ddc17f57691c8e2e2446c4126fb4133d07d21 diff --git a/INSTALL b/INSTALL index 064b2f8b00..3c8548dd3b 100644 --- a/INSTALL +++ b/INSTALL @@ -482,27 +482,24 @@ likely to complement configuration command line with suitable compiler-specific option. - enable-tls1_3 - TODO(TLS1.3): Make this enabled by default - Build support for TLS1.3. Note: This is a WIP feature and - only a single draft version is supported. Implementations - of different draft versions will negotiate TLS 1.2 instead - of (draft) TLS 1.3. Use with caution!! - no- Don't build support for negotiating the specified SSL/TLS - protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls, - dtls1 or dtls1_2). If "no-tls" is selected then all of tls1, - tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will - disable dtls1 and dtls1_2. The "no-ssl" option is synonymous - with "no-ssl3". Note this only affects version negotiation. - OpenSSL will still provide the methods for applications to - explicitly select the individual protocol versions. + protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, + tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then + all of tls1, tls1_1, tls1_2 and tls1_3 are disabled. + Similarly "no-dtls" will disable dtls1 and dtls1_2. The + "no-ssl" option is synonymous with "no-ssl3". Note this only + affects version negotiation. OpenSSL will still provide the + methods for applications to explicitly select the individual + protocol versions. no--method As for no- but in addition do not build the methods for applications to explicitly select individual protocol - versions. + versions. Note that there is no "no-tls1_3-method" option + because there is no application method for TLSv1.3. Using + individual protocol methods directly is deprecated. + Applications should use TLS_method() instead. enable- Build with support for the specified algorithm, where @@ -510,13 +507,13 @@ no- Build without support for the specified algorithm, where - is one of: bf, blake2, camellia, cast, chacha, cmac, - des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305, - rc2, rc4, rmd160, scrypt, seed, siphash or whirlpool. The - "ripemd" algorithm is deprecated and if used is synonymous - with rmd160. + is one of: aria, bf, blake2, camellia, cast, chacha, + cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, + poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm3, sm4 + or whirlpool. The "ripemd" algorithm is deprecated and if + used is synonymous with rmd160. - -Dxxx, lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static + -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static These system specific options will be recognised and passed through to the compiler to allow you to define preprocessor symbols, specify additional libraries, library @@ -527,11 +524,119 @@ unsuitable for execution on other, typically older, processor. Consult your compiler documentation. + Take note of the VAR=value documentation below and how + these flags interact with those variables. + -xxx, +xxx Additional options that are not otherwise recognised are passed through as they are to the compiler as well. Again, consult your compiler documentation. + Take note of the VAR=value documentation below and how + these flags interact with those variables. + + VAR=value + Assignment if environment variable for Configure. These + work just like normal environment variable assignments, + but are supported on all platforms and are confined to + the configuration scripts only. These assignments override + the corresponding value in the inherited environment, if + there is one. + + The following variables are used as "make variables" and + can be used as an alternative to giving preprocessor, + compiler and linker options directly as configuration. + The following variables are supported: + + AR The static library archiver. + ARFLAGS Flags for the static library archiver. + AS The assembler compiler. + ASFLAGS Flags for the assembler compiler. + CC The C compiler. + CFLAGS Flags for the C compiler. + CXX The C++ compiler. + CXXFLAGS Flags for the C++ compiler. + CPP The C/C++ preprocessor. + CPPFLAGS Flags for the C/C++ preprocessor. + CPPDEFINES List of CPP macro definitions, separated + by a platform specific character (':' or + space for Unix, ';' for Windows, ',' for + VMS). This can be used in place of -D. + CPPINCLUDES List of CPP inclusion directories, separated + the same way as for CPPDEFINES. This can + be used in place of -I. + HASHBANGPERL Perl invocation to be inserted after '#!' + in public perl scripts. + LD The program linker (not used on Unix, $(CC) + is used there). + LDFLAGS Flags for the shared library, DSO and + program linker. + LDLIBS Extra libraries to use when linking. + Takes the form of a space separated list + of library specifications on Unix and + Windows, and as a comma separated list of + libraries on VMS. + RANLIB The library archive indexer. + RC The Windows resources manipulator. + RCFLAGS Flags for the Windows reources manipulator. + RM The command to remove files and directories. + + These can be mixed with flags given on the command line. + Any variable assignment resets any corresponding flags + given before it, so for example: + + ./config -DFOO CPPFLAGS=-DBAR -DCOOKIE + + Will end up having 'CPPFLAGS=-DBAR -DCOOKIE'. + + Here is how the flags documented above are collected as + augmentation of these variables: + + -Dxxx xxx is collected in CPPDEFINES + -Ixxx xxx is collected in CPPINCLUDES + -Wp,xxx collected in CPPFLAGS + -Lxxx collected in LDFLAGS + -lxxx collected in LDLIBS + -Wp,xxx collected in LDLIBS + -rpath xxx collected in LDLIBS + -R xxx collected in LDLIBS + -framework xxx collected in LDLIBS + -static collected in LDLIBS + -xxx collected in CFLAGS + +xxx collected in CFLAGS + + reconf + reconfigure + Reconfigure from earlier data. This fetches the previous + command line options and environment from data saved in + "configdata.pm", and runs the configuration process again, + using these options and environment. + Note: NO other option is permitted together with "reconf". + This means that you also MUST use "./Configure" (or + what corresponds to that on non-Unix platforms) directly + to invoke this option. + Note: The original configuration saves away values for ALL + environment variables that were used, and if they weren't + defined, they are still saved away with information that + they weren't originally defined. This information takes + precedence over environment variables that are defined + when reconfiguring. + + Displaying configuration data + ----------------------------- + + The configuration script itself will say very little, and finishes by + creating "configdata.pm". This perl module can be loaded by other scripts + to find all the configuration data, and it can also be used as a script to + display all sorts of configuration data in a human readable form. + + For more information, please do: + + $ ./configdata.pm --help # Unix + + or + + $ perl configdata.pm --help # Windows and VMS Installation in Detail ---------------------- @@ -644,22 +749,34 @@ ("openssl"). The libraries will be built in the top-level directory, and the binary will be in the "apps" subdirectory. + Troubleshooting: + If the build fails, look at the output. There may be reasons for the failure that aren't problems in OpenSSL itself (like - missing standard headers). If you are having problems you can - get help by sending an email to the openssl-users email list (see + missing standard headers). + + If the build succeeded previously, but fails after a source or + configuration change, it might be helpful to clean the build tree + before attempting another build. Use this command: + + $ make clean # Unix + $ mms clean ! (or mmk) OpenVMS + $ nmake clean # Windows + + Assembler error messages can sometimes be sidestepped by using the + "no-asm" configuration option. + + Compiling parts of OpenSSL with gcc and others with the system + compiler will result in unresolved symbols on some systems. + + If you are still having problems you can get help by sending an email + to the openssl-users email list (see https://www.openssl.org/community/mailinglists.html for details). If it is a bug with OpenSSL itself, please open an issue on GitHub, at https://github.com/openssl/openssl/issues. Please review the existing ones first; maybe the bug was already reported or has already been fixed. - (If you encounter assembler error messages, try the "no-asm" - configuration option as an immediate fix.) - - Compiling parts of OpenSSL with gcc and others with the system - compiler will result in unresolved symbols on some systems. - 3. After a successful build, the libraries should be tested. Run: $ make test # Unix @@ -919,6 +1036,11 @@ uninstall Uninstall all OpenSSL components. + reconfigure + reconf + Re-run the configuration process, as exactly as the last time + as possible. + update This is a developer option. If you are developing a patch for OpenSSL you may need to use this if you want to update