270 lines
10 KiB
Plaintext
270 lines
10 KiB
Plaintext
|
|
INSTALLATION ON THE UNIX PLATFORM
|
|
---------------------------------
|
|
|
|
[For instructions for compiling OpenSSL on Windows systems, see INSTALL.W32].
|
|
|
|
To install OpenSSL, you will need:
|
|
|
|
* Perl 5
|
|
* ANSI C compiler
|
|
* A supported Unix operating system
|
|
|
|
Quick Start
|
|
-----------
|
|
|
|
If you want to just get on with it, do:
|
|
|
|
$ ./config [if this fails, go to step 1b below]
|
|
$ make
|
|
$ make rehash
|
|
$ make test
|
|
$ make install
|
|
|
|
This will build and install OpenSSL in the default location, which is (for
|
|
historical reasons) /usr/local/ssl. If you want to install it anywhere else,
|
|
do this after running `./config':
|
|
|
|
$ perl util/ssldir.pl /new/install/path
|
|
|
|
There are several options to ./config to customize the build:
|
|
|
|
rsaref Build with RSADSI's RSAREF toolkit.
|
|
no-asm Build with no assembler code.
|
|
386 Use the 80386 instruction set only (the default x86 code is
|
|
more efficient, but requires at least a 486).
|
|
|
|
If anything goes wrong, follow the detailed instructions below. If your
|
|
operating system is not (yet) supported by OpenSSL, see the section on
|
|
porting to a new system.
|
|
|
|
Installation in Detail
|
|
----------------------
|
|
|
|
1a. Configure OpenSSL for your operation system automatically:
|
|
|
|
$ ./config
|
|
|
|
This guesses at your operating system (and compiler, if necessary) and
|
|
configures OpenSSL based on this guess. Check the first line of output to
|
|
see if it guessed correctly. If it did not get it correct or you want to
|
|
use a different compiler then go to step 1b. Otherwise go to step 2.
|
|
|
|
1b. Configure OpenSSL for your operating system manually
|
|
|
|
OpenSSL knows about a range of different operating system, hardware and
|
|
compiler combinations. To see the ones it knows about, run
|
|
|
|
$ ./Configure
|
|
|
|
Pick a suitable name from the list that matches your system. For most
|
|
operating systems there is a choice between using "cc" or "gcc". When
|
|
you have identified your system (and if necessary compiler) use this name
|
|
as the argument to ./Configure. For example, a "linux-elf" user would
|
|
run:
|
|
|
|
$ ./Configure linux-elf
|
|
|
|
If your system is not available, you will have to edit the Configure
|
|
program and add the correct configuration for your system.
|
|
|
|
Configure configures various files by converting an existing .org file
|
|
into the real file. If you edit any files, remember that if a
|
|
corresponding .org file exists them the next time you run ./Configure
|
|
your changes will be lost when the file gets re-created from the .org
|
|
file. The files that are created from .org files are:
|
|
|
|
Makefile.ssl
|
|
crypto/des/des.h
|
|
crypto/des/des_locl.h
|
|
crypto/md2/md2.h
|
|
crypto/rc4/rc4.h
|
|
crypto/rc4/rc4_enc.c
|
|
crypto/rc2/rc2.h
|
|
crypto/bf/bf_locl.h
|
|
crypto/idea/idea.h
|
|
crypto/bn/bn.h
|
|
|
|
2. Set the install directory
|
|
|
|
If the install directory will be the default of /usr/local/ssl, skip to
|
|
the next stage. Otherwise, run
|
|
|
|
$ perl util/ssldir.pl /new/install/path
|
|
|
|
This configures the installation location into the "install" target of
|
|
the top-level Makefile, and also updates some defines in an include file
|
|
so that the default certificate directory is under the proper
|
|
installation directory. It also updates a few utility files used in the
|
|
build process.
|
|
|
|
3. Build OpenSSL by running:
|
|
|
|
$ make
|
|
|
|
This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
|
|
OpenSSL binary ("openssl"). The libraries will be built in the top-level
|
|
directory, and the binary will be in the "apps" directory.
|
|
|
|
4. After a successful build, the libraries should be tested. Run:
|
|
|
|
$ make rehash
|
|
$ make test
|
|
|
|
(The first line makes the test certificates in the "certs" directory
|
|
accessable via an hash name, which is required for some of the tests).
|
|
|
|
5. If everything tests ok, install OpenSSL with
|
|
|
|
$ make install
|
|
|
|
This will create the installation directory (if it does not exist) and
|
|
then create the following subdirectories:
|
|
|
|
bin Contains the openssl binary and a few other
|
|
utility programs.
|
|
include Contains the header files needed if you want to
|
|
compile programs with libcrypto or libssl.
|
|
lib Contains the library files themselves and the
|
|
OpenSSL configuration file "openssl.cnf".
|
|
certs Initially empty, this is the default location
|
|
for certificate files.
|
|
private Initially empty, this is the default location
|
|
for private key files.
|
|
|
|
|
|
--------------------------------------------------------------------------------
|
|
The orignal Unix build instructions from SSLeay follow.
|
|
Note: some of this may be out of date and no longer applicable
|
|
--------------------------------------------------------------------------------
|
|
|
|
# When bringing the SSLeay distribution back from the evil intel world
|
|
# of Windows NT, do the following to make it nice again under unix :-)
|
|
# You don't normally need to run this.
|
|
sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996
|
|
|
|
# If you have perl, and it is not in /usr/local/bin, you can run
|
|
perl util/perlpath.pl /new/path
|
|
# and this will fix the paths in all the scripts. DO NOT put
|
|
# /new/path/perl, just /new/path. The build
|
|
# environment always run scripts as 'perl perlscript.pl' but some of the
|
|
# 'applications' are easier to usr with the path fixed.
|
|
|
|
# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
|
|
# to set the install locations if you don't like
|
|
# the default location of /usr/local/ssl
|
|
# Do this by running
|
|
perl util/ssldir.pl /new/ssl/home
|
|
# if you have perl, or by hand if not.
|
|
|
|
# If things have been stuffed up with the sym links, run
|
|
make -f Makefile.ssl links
|
|
# This will re-populate lib/include with symlinks and for each
|
|
# directory, link Makefile to Makefile.ssl
|
|
|
|
# Setup the machine dependent stuff for the top level makefile
|
|
# and some select .h files
|
|
# If you don't have perl, this will bomb, in which case just edit the
|
|
# top level Makefile.ssl
|
|
./Configure 'system type'
|
|
|
|
# The 'Configure' command contains default configuration parameters
|
|
# for lots of machines. Configure edits 5 lines in the top level Makefile
|
|
# It modifies the following values in the following files
|
|
Makefile.ssl CC CFLAG EX_LIBS BN_MULW
|
|
crypto/des/des.h DES_LONG
|
|
crypto/des/des_locl.h DES_PTR
|
|
crypto/md2/md2.h MD2_INT
|
|
crypto/rc4/rc4.h RC4_INT
|
|
crypto/rc4/rc4_enc.c RC4_INDEX
|
|
crypto/rc2/rc2.h RC2_INT
|
|
crypto/bf/bf_locl.h BF_INT
|
|
crypto/idea/idea.h IDEA_INT
|
|
crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT,
|
|
SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
|
|
SIXTEEN_BIT or EIGHT_BIT)
|
|
Please remember that all these files are actually copies of the file with
|
|
a .org extention. So if you change crypto/des/des.h, the next time
|
|
you run Configure, it will be runover by a 'configured' version of
|
|
crypto/des/des.org. So to make the changer the default, change the .org
|
|
files. The reason these files have to be edited is because most of
|
|
these modifications change the size of fundamental data types.
|
|
While in theory this stuff is optional, it often makes a big
|
|
difference in performance and when using assember, it is importaint
|
|
for the 'Bignum bits' match those required by the assember code.
|
|
A warning for people using gcc with sparc cpu's. Gcc needs the -mv8
|
|
flag to use the hardware multiply instruction which was not present in
|
|
earlier versions of the sparc CPU. I define it by default. If you
|
|
have an old sparc, and it crashes, try rebuilding with this flag
|
|
removed. I am leaving this flag on by default because it makes
|
|
things run 4 times faster :-)
|
|
|
|
# clean out all the old stuff
|
|
make clean
|
|
|
|
# Do a make depend only if you have the makedepend command installed
|
|
# This is not needed but it does make things nice when developing.
|
|
make depend
|
|
|
|
# make should build everything
|
|
make
|
|
|
|
# fix up the demo certificate hash directory if it has been stuffed up.
|
|
make rehash
|
|
|
|
# test everything
|
|
make test
|
|
|
|
# install the lot
|
|
make install
|
|
|
|
# It is worth noting that all the applications are built into the one
|
|
# program, ssleay, which is then has links from the other programs
|
|
# names to it.
|
|
# The applicatons can be built by themselves, just don't define the
|
|
# 'MONOLITH' flag. So to build the 'enc' program stand alone,
|
|
gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
|
|
|
|
# Other useful make options are
|
|
make makefile.one
|
|
# which generate a 'makefile.one' file which will build the complete
|
|
# SSLeay distribution with temp. files in './tmp' and 'installable' files
|
|
# in './out'
|
|
|
|
# Have a look at running
|
|
perl util/mk1mf.pl help
|
|
# this can be used to generate a single makefile and is about the only
|
|
# way to generate makefiles for windows.
|
|
|
|
# There is actually a final way of building SSLeay.
|
|
gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
|
|
gcc -O2 -c -Issl -Iinclude ssl/ssl.c
|
|
# and you now have the 2 libraries as single object files :-).
|
|
# If you want to use the assember code for your particular platform
|
|
# (DEC alpha/x86 are the main ones, the other assember is just the
|
|
# output from gcc) you will need to link the assember with the above generated
|
|
# object file and also do the above compile as
|
|
gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
|
|
|
|
This last option is probably the best way to go when porting to another
|
|
platform or building shared libraries. It is not good for development so
|
|
I don't normally use it.
|
|
|
|
To build shared libararies under unix, have a look in shlib, basically
|
|
you are on your own, but it is quite easy and all you have to do
|
|
is compile 2 (or 3) files.
|
|
|
|
For mult-threading, have a read of doc/threads.doc. Again it is quite
|
|
easy and normally only requires some extra callbacks to be defined
|
|
by the application.
|
|
The examples for solaris and windows NT/95 are in the mt directory.
|
|
|
|
have fun
|
|
|
|
eric 25-Jun-1997
|
|
|
|
IRIX 5.x will build as a 32 bit system with mips1 assember.
|
|
IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms
|
|
to n32 standards. In theory you can compile the 64 bit assember under
|
|
IRIX 5.x but you will have to have the correct system software installed.
|