Compiling OpenSSL for Windows, Linux, and Macintosh

(by Brian Wilson, 6/4/07)


(Read a personal description of Backblaze here.)

0. What is OpenSSL?

OpenSSL is a free, redistributable library that is used widely by many organizations to provide cryptography support. For example, the free library libCURL uses OpenSSL to implement HTTPS (SSL over HTTP) support. RedHat Linux and Macintosh both ship OpenSSL in their default distributions world wide, so the current distribution (and testing base) is somewhere in the *millions* of units to every country on the planet.  The official OpenSSL website is here: http://www.openssl.org  I am just a fan of using this technology, I'm not associated with the official website or authors at all.

1. Shameless Adoration:

Free, cross-platform (Windows, Macintosh, Linux!) redistributable cryptography, based on YEARS of work by these programmers for no apparent gain, fully redistributable world-wide!! OpenSSL is an AMAZING achievement, I'm so glad it is available!  I have used it at several companies, including two startups, so the ability to get this for free and then redistribute it is truly wonderful! I have benefited both by saving time AND by making a lot of money by using OpenSSL. -- Brian Wilson, 6/4/07

2. What EXACTLY are the libraries named?

The "library" portion of OpenSSL (the part you link with your applications) consists of two libraries. On Linux and on Macintosh these are: libssl.a and libcrypto.a, while on Windows they are named completely different: libeay32.a and ssleay32.a (nobody but the authors know why they would diverge like that).  UPDATE 8/30/2010 - a hint might be the the author of libeay32.a is Eric Young (thanks to David Horton for pointing that out!)

The lowest level is libssl.a which implements SSL (Secure Socket Layer). The other library is called libcrypto.a and implements a wide range of cryptographic algorithms (think OpenPGP). You can compile these two libraries statically (.a) or they can be dynamically linked like libcrypto.so on Linux, and libcrypto.dylib and libssl.dylib on the Macintosh. 

3. How Do I (Brian) Choose to Compile And Link With OpenSSL?

I couldn't get OpenSSL to build in the Backblaze build tree environment directly, which is actually Ok because that means I don't mix my code in with the OpenSSL code, and proves I can link with any version of OpenSSL.  What I do is build it once, and check in the libraries into a "prebuilt" directory in SVN (source code control).  The headers get checked into a standard location in my tree that ends with ...\thirdpartylibs\openssl

NOTE: I choose to link statically with the one version of OpenSSL checked into my source tree, so that there is absolutely no confusion which version is run. If you run the wrong .dll (.so) version your application can crash, or won't even launch (!) or worse have security issues.  The version I compile against in my tree is the one I test with, and as new releases come out I can update them in my source tree then test before releasing to customers.

UNFORTUNATE NOTE ABOUT MACINTOSH: I could not get the OpenSSL libraries to compile on the Mac, so in the short term I am linking against the shared OpenSSL libraries that ship on the Mac by default. I would like to fix this for the reasons stated above, but for now this allows me to move on to other work.
 

4. The Nitty Gritty - Steps to Compile OpenSSL in Visual Studio 8 (Visual Studio 2005 / .Net)

Requirements not covered in this webpage:

1) You need Perl from http://www.activestate.com/ActivePerl
2) Microsoft Visual Studio 8 (also known as VS2005 or VS ".Net")
3) A "gunzip" and "tar" tool that aren't standard on Microsoft Windows

4 (Step A). Download and unpack the source code from http://www.openssl.org

The file is called openssl-0.9.8e.tar.gz and the instructions to build it on Windows with Visual Studio .Net are found in the file INSTALL.W32 found at the top level of the OpenSSL distribution.  Below are the commands I typed in a completely standard command prompt (cmd.exe) window.  DO NOT USE cygwin shells, they will not work!!

    4A.1 gunzip openssl-0.9.8e.tar.gz
    4A.2 tar -xvf openssl-0.9.8e.tar

    4A.3 cd openssl-0.9.8e (the rest of the commands are done INSIDE here)

4 (Step B). Get Visual Studio environment setup (get "ml.exe" and "nmake" in your path)

The default install for Microsoft Visual Studio doesn't include the environment variables to run Visual Studio from the command line.  The authors of OpenSSL prefer to work from the command line, so we adapt here.  You only really need two little executables called "ml.exe" and "nmake" which ship with Visual Studio, but here are the commands I typed to set this up.   Below are the commands I typed (remember, these are in the same completely standard Windows command prompt, cygwin shells will not work for this!!)

    4B.1 "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\vsvars32.bat"
         (Notice the double quotes to help this run correctly.)

4 (Step C). Generate the OpenSSL configuration files we need for "Visual Studio .Net" (by using Perl)

OpenSSL doesn't ship ready to compile.  The idea is that you run a perl script that automatically modifies the ".h" files to work properly, THEN you compile. Below are the commands I typed to run the perl step.

    4C.1 mkdir c:\tmp_open_ssl
    4C.2 perl Configure VC-WIN32 --prefix=c:/tmp_open_ssl
(This says place all the finished installed output in /tmp_open_ssl.)
    4C.3 ms\do_masm
(This configures OpenSSL to compile some stuff using Microsoft Visual Studio Assembler)

4 (Step D). Build it!  And also have the libraries placed into C:\tmp_open_ssl directory

Below are the commands I typed to build OpenSSL with Visual Studio .Net (also known as Visual Studio 2005 or Visual Studio 8).

    4D.1 nmake -f ms\nt.mak
(if you want DLLs, then use "ms\ntdll.mak")
    4D.2 nmake -f ms\nt.mak install 

4 (Step E). Copy the OpenSSL statically linked libraries and include files into my build tree

For reasons I stated above, now I copy the two libraries, plus the include files into my build tree to isolate me from everything else. Below are the commands I typed:

    4E.1 mkdir C:\tree\trunk\thirdpartylibs\openssl
(This just happens to be where I will put the include files in my build tree)
    4E.2 cp C:\tmp_open_ssl\include\openssl\* C:\tree\trunk\thirdpartylibs\openssl
    4E.3 cp C:\tmp_open_ssl\lib\* C:\tree\trunk\prebuilt\win32
         (two files: libeay32.lib and ssleay32.lib)

All Done With Windows!!

 

5. The Nitty Gritty - Steps to Compile OpenSSL with g++ on RedHat Enterprise Linux

Requirements: I did this on a RedHat Enterprise Linux 5 beta 2 machine.  Click HERE to see details on that box.

5 (Step A). Download and unpack the source code from http://www.openssl.org

The file is called openssl-0.9.8e.tar.gz and the instructions to build it on most Unix systems are found in the file "INSTALL" found at the top level of the OpenSSL distribution.  Below are the commands I typed in a completely standard command prompt (cmd.exe) window.  

    5A.1 gunzip openssl-0.9.8e.tar.gz
    5A.2 tar -xvf openssl-0.9.8e.tar

    5A.3 cd openssl-0.9.8e (the rest of the commands are done INSIDE here)

5 (Step B). Generate the OpenSSL configuration files we need for Linux

NOTE: some good hints found in the "INSTALL" file (instructions).  Below are the commands I typed

    5B.1 mkdir /home/brianw/tmp_open_ssl
    5B.2 ./config --prefix=/home/brianw/tmp_open_ssl

5 (Step C). Build it!  And also have the libraries placed into C:\tmp_open_ssl directory

Below are the commands I typed to build OpenSSL on RedHat Linux.

    5C.1 make
    5C.2 make install

5 (Step D). Copy the OpenSSL statically linked libraries and include files into my build tree

For reasons I stated above, now I copy the two libraries, plus the include files into my build tree to isolate me from everything else. Below are the commands I typed:

    5D.1 cp /home/brianw/tmp_open_ssl/lib/*.a tree/trunk/thirdpartylibs/openssl
(This just happens to be where I will put the include files in my build tree)
    5D.2 cp /home/brianw/tmp_open_ssl/lib/*.a .../trunk/prebuilt/linux/
(two files: libcrypto.a libssl.a)

NOTE ABOUT HEADERS: I have a cross platform development environment, which means the SAME TREE compiles without any changes on Windows, Linux, and Macintosh.  So I had to combine the header file called "opensslconf.h" that is generated EITHER for linux OR for Windows with a big huge "ifdef _WIN32" so that it works for both platforms.  Click here for the copy of that file I hand modified for my particular build environment (search for BRIANW in that file to see the humongous "#ifdef _WIN32".

All Done With Linux!!

 

6. The Nitty Gritty - Steps to Compile OpenSSL with cc on Apple Macintosh Mac OS X 10.4

XXXXX NOTE: THESE STEPS DO NOT WORK!!  I don't think it is possible to get the current release compiled on a Macintosh statically!!!  If you come up with a working version, please email me with what steps I did wrong!!!

Requirements: I did this on a Mac Mini Core 2 Duo (x86 box)

6 (Step A). Download and unpack the source code from http://www.openssl.org

The file is called openssl-0.9.8e.tar.gz and the instructions to build it on most Unix systems are found in the file "INSTALL" found at the top level of the OpenSSL distribution.  For the Macintosh there is a release note called "PROBLEMS" which describes the step 6C below you must take. Below are the commands I typed in a completely standard command prompt (cmd.exe) window.  

    6A.1 gunzip openssl-0.9.8e.tar.gz
    6A.2 tar -xvf openssl-0.9.8e.tar

    6A.3 cd openssl-0.9.8e (the rest of the commands are done INSIDE here)

6 (Step B). Generate the OpenSSL configuration files we need for Mac OS X 10.4

NOTE: some good hints found in the "INSTALL" file (instructions).  Below are the commands I typed

    6B.1 mkdir /Users/brianw/tmp_open_ssl
    6B.2 ./config --prefix=/Users/brianw/tmp_open_ssl

6 (Step C). SPECIAL MACINTOSH OPENSSL BUILD INSTRUCTIONS for OpenSSL and Mac OS X 10.4

(These steps are from the file "PROBLEMS" found in the top directory, it is working around a problem with the Mac picking up the libs that SHIP with the Mac that are incompatible!) Below are the special steps I had to take:

    6C.1 edit apps/Makefile and test/Makefile and change these two lines:
             LIBCRYPTO=-L.. -lcrypto
             LIBSSL=-L.. -lssl
         into these two lines:
             LIBCRYPTO=../libcrypto.a
             LIBSSL=../libssl.a

    6C.2 NOTE-> I ALSO HAD TO REMOVE TWO TESTS from the Makefile: 
         the "MDC5TEST" and something like "md5test", the compile
         complained saying "no main() defined" (this is on Mac OS X with OpenSSL)
and the ".c" files seem to be empty??

6 (Step D). Build it!   And also have the libaries placed into /Users/brianw/tmp_open_ssl

Below are the commands I typed to build OpenSSL on Mac OS X 10.4.

    6D.1 make
    6D.2 make install

6 (Step E). Copy the finished product into the correct locations in my build tree

For reasons I stated above, now I copy the two libraries, plus the include files into my build tree to isolate me from everything else. Below are the commands I typed:

    6E.1 cp /home/brianw/tmp_open_ssl/lib/*.a ...trunk/prebuilt/linux/
         (two files: libcrypto.a libssl.a)

    MACINTOSH NOTE: When I try to link against these libraries, there is this
    error: 

    COMPILER LINE (cleaned up for readability):
      g++ -g3 bzworker.o install.o ../../bzlibs/bzextra/libbzextra.a 
      ../../thirdpartylibs/zlib/libzlib.a ../../thirdpartylibs/curl/libcurl.a 
      ../../prebuilt/mac/libssl.a ../../prebuilt/mac/libcrypto.a 
      ../../bzlibs/bzbase/libbzbase.a -ldl -lresolv -lpthread -o bzworker

    COMPILER ERROR (cleaned up for readability):
      /usr/bin/ld: table of contents for archive: ../../prebuilt/mac/libssl.a 
      is out of date; rerun ranlib(1) (can't load from it)
      /usr/bin/ld: table of contents for archive: ../../prebuilt/mac/libcrypto.a
      is out of date; rerun ranlib(1) (can't load from it)
      collect2: ld returned 1 exit status
      make[2]: *** [bzworker] Error 1
      make[1]: *** [all] Error 2
      make: *** [all] Error 2

So I cannot get this OpenSSL compiled correctly on the Mac.  I tried several things that always failed, I always get the above error saying something went wrong with "ranlib".  Developing for the Macintosh is very hard, because there are no examples on the web and very VERY few developers and little or no help resources.  So if you know how to solve this problem, PLEASE EMAIL ME!!  Thanks!

UNFORTUNATE NOTE ABOUT MACINTOSH: I could not get the OpenSSL libraries to compile on the Mac, so in the short term I am linking against the shared OpenSSL libraries that ship on the Mac by default. I would like to fix this for the reasons stated above, but for now this allows me to move on to other work.

All Done With Mac OS X 10.4 and OpenSSL!!

6 (Step F). HINTS FROM OTHER USERS on how to Compile for Macintosh!

I have not verified these yet, but other users have said these instructions work:

A helpful reader on the internet writes that this will work on the Mac:

$ ./Configure --prefix=/cmc/openssl/openssl-0.9.8i/
--openssldir=/cmc/openssl/openssl-0.9.8i/ darwin-ppc-cc -DUSE_TOD
threads shared no-idea

 

 

 

 


(Read a personal description of Backblaze here.)

Click Here to return to Ski-Epic Home, and Click Here to return to Random Stuff in Brian's Life