Back to home page

openssl Cross Reference



0003  ----------------------------------
0005  [Instructions for building for Windows CE can be found in INSTALL.WCE]
0006  [Instructions for building for Win64 can be found in INSTALL.W64]
0008  Here are a few comments about building OpenSSL for Win32 environments,
0009  such as Windows NT and Windows 9x. It should be noted though that
0010  Windows 9x are not ordinarily tested. Its mention merely means that we
0011  attempt to maintain certain programming discipline and pay attention
0012  to backward compatibility issues, in other words it's kind of expected
0013  to work on Windows 9x, but no regression tests are actually performed.
0015  On additional note newer OpenSSL versions are compiled and linked with
0016  Winsock 2. This means that minimum OS requirement was elevated to NT 4
0017  and Windows 98 [there is Winsock 2 update for Windows 95 though].
0019  - you need Perl for Win32.  Unless you will build on Cygwin, you will need
0020    ActiveState Perl, available from
0022  - one of the following C compilers:
0024   * Visual C++
0025   * Borland C
0026   * GNU C (Cygwin or MinGW)
0028 - Netwide Assembler, a.k.a. NASM, available from
0029   is required if you intend to utilize assembler modules. Note that NASM
0030   is now the only supported assembler.
0032  If you are compiling from a tarball or a Git snapshot then the Win32 files
0033  may well be not up to date. This may mean that some "tweaking" is required to
0034  get it all to work. See the trouble shooting section later on for if (when?)
0035  it goes wrong.
0037  Visual C++
0038  ----------
0040  If you want to compile in the assembly language routines with Visual
0041  C++, then you will need already mentioned Netwide Assembler binary,
0042  nasmw.exe or nasm.exe, to be available on your %PATH%.
0044  Firstly you should run Configure with platform VC-WIN32:
0046  > perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
0048  Where the prefix argument specifies where OpenSSL will be installed to.
0050  Next you need to build the Makefiles and optionally the assembly
0051  language files:
0053  - If you are using NASM then run:
0055    > ms\do_nasm
0057  - If you don't want to use the assembly language files at all then run:
0059    > perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
0060    > ms\do_ms
0062  If you get errors about things not having numbers assigned then check the
0063  troubleshooting section: you probably won't be able to compile it as it
0064  stands.
0066  Then from the VC++ environment at a prompt do:
0068  > nmake -f ms\ntdll.mak
0070  If all is well it should compile and you will have some DLLs and
0071  executables in out32dll. If you want to try the tests then do:
0073  > nmake -f ms\ntdll.mak test
0076  To install OpenSSL to the specified location do:
0078  > nmake -f ms\ntdll.mak install
0080  Tweaks:
0082  There are various changes you can make to the Win32 compile
0083  environment. By default the library is not compiled with debugging
0084  symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
0085  then debugging symbols will be compiled in.
0087  By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
0088  separate shared librariesy. If you specify the "enable-static-engine"
0089  option on the command line to Configure the shared library build
0090  (ms\ntdll.mak) will compile the engines into libeay32.dll instead.
0092  The default Win32 environment is to leave out any Windows NT specific
0093  features.
0095  If you want to enable the NT specific features of OpenSSL (currently
0096  only the logging BIO) follow the instructions above but call the batch
0097  file do_nt.bat instead of do_ms.bat.
0099  You can also build a static version of the library using the Makefile
0100  ms\nt.mak
0103  Borland C++ builder 5
0104  ---------------------
0106  * Configure for building with Borland Builder:
0107    > perl Configure BC-32
0109  * Create the appropriate makefile
0110    > ms\do_nasm
0112  * Build
0113    > make -f ms\bcb.mak
0115  Borland C++ builder 3 and 4
0116  ---------------------------
0118  * Setup PATH. First must be GNU make then bcb4/bin 
0120  * Run ms\bcb4.bat
0122  * Run make:
0123    > make -f bcb.mak
0125  GNU C (Cygwin)
0126  --------------
0128  Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of
0129  Win32 subsystem and provides a bash shell and GNU tools environment.
0130  Consequently, a make of OpenSSL with Cygwin is virtually identical to
0131  Unix procedure. It is also possible to create Win32 binaries that only
0132  use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
0133  MinGW. MinGW can be used in the Cygwin development environment or in a
0134  standalone setup as described in the following section.
0136  To build OpenSSL using Cygwin:
0138  * Install Cygwin (see
0140  * Install Perl and ensure it is in the path. Both Cygwin perl
0141    (5.6.1-2 or newer) and ActivePerl work.
0143  * Run the Cygwin bash shell
0145  * $ tar zxvf openssl-x.x.x.tar.gz
0146    $ cd openssl-x.x.x
0148    To build the Cygwin version of OpenSSL:
0150    $ ./config
0151    [...]
0152    $ make
0153    [...]
0154    $ make test
0155    $ make install
0157    This will create a default install in /usr/local/ssl.
0159    To build the MinGW version (native Windows) in Cygwin:
0161    $ ./Configure mingw
0162    [...]
0163    $ make
0164    [...]
0165    $ make test
0166    $ make install
0168  Cygwin Notes:
0170  "make test" and normal file operations may fail in directories
0171  mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
0172  stripping of carriage returns. To avoid this ensure that a binary
0173  mount is used, e.g. mount -b c:\somewhere /home.
0175  "bc" is not provided in older Cygwin distribution.  This causes a
0176  non-fatal error in "make test" but is otherwise harmless.  If
0177  desired and needed, GNU bc can be built with Cygwin without change.
0179  GNU C (MinGW/MSYS)
0180  -------------
0182  * Compiler and shell environment installation:
0184    MinGW and MSYS are available from, both are
0185    required. Run the installers and do whatever magic they say it takes
0186    to start MSYS bash shell with GNU tools on its PATH.
0188    N.B. Since source tar-ball can contain symbolic links, it's essential
0189    that you use accompanying MSYS tar to unpack the source. It will
0190    either handle them in one way or another or fail to extract them,
0191    which does the trick too. Latter means that you may safely ignore all
0192    "cannot create symlink" messages, as they will be "re-created" at
0193    configure stage by copying corresponding files. Alternative programs
0194    were observed to create empty files instead, which results in build
0195    failure.
0197  * Compile OpenSSL:
0199    $ ./config
0200    [...]
0201    $ make
0202    [...]
0203    $ make test
0205    This will create the library and binaries in root source directory
0206    and openssl.exe application in apps directory.
0208    It is also possible to cross-compile it on Linux by configuring
0209    with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
0210    'make test' is naturally not applicable then.
0212    libcrypto.a and libssl.a are the static libraries. To use the DLLs,
0213    link with libeay32.a and libssl32.a instead.
0215    See troubleshooting if you get error messages about functions not
0216    having a number assigned.
0218  Installation
0219  ------------
0221  If you used the Cygwin procedure above, you have already installed and
0222  can skip this section.  For all other procedures, there's currently no real
0223  installation procedure for Win32.  There are, however, some suggestions:
0225     - do nothing.  The include files are found in the inc32/ subdirectory,
0226       all binaries are found in out32dll/ or out32/ depending if you built
0227       dynamic or static libraries.
0229     - do as is written in INSTALL.Win32 that comes with modssl:
0231         $ md c:\openssl 
0232         $ md c:\openssl\bin
0233         $ md c:\openssl\lib
0234         $ md c:\openssl\include
0235         $ md c:\openssl\include\openssl
0236         $ copy /b inc32\openssl\*       c:\openssl\include\openssl
0237         $ copy /b out32dll\ssleay32.lib c:\openssl\lib
0238         $ copy /b out32dll\libeay32.lib c:\openssl\lib
0239         $ copy /b out32dll\ssleay32.dll c:\openssl\bin
0240         $ copy /b out32dll\libeay32.dll c:\openssl\bin
0241         $ copy /b out32dll\openssl.exe  c:\openssl\bin
0243       Of course, you can choose another device than c:.  C: is used here
0244       because that's usually the first (and often only) harddisk device.
0245       Note: in the modssl INSTALL.Win32, p: is used rather than c:.
0248  Troubleshooting
0249  ---------------
0251  Since the Win32 build is only occasionally tested it may not always compile
0252  cleanly.  If you get an error about functions not having numbers assigned
0253  when you run ms\do_ms then this means the Win32 ordinal files are not up to
0254  date. You can do:
0256  > perl util\ crypto ssl update
0258  then ms\do_XXX should not give a warning any more. However the numbers that
0259  get assigned by this technique may not match those that eventually get
0260  assigned in the Git tree: so anything linked against this version of the
0261  library may need to be recompiled.
0263  If you get errors about unresolved symbols there are several possible
0264  causes.
0266  If this happens when the DLL is being linked and you have disabled some
0267  ciphers then it is possible the DEF file generator hasn't removed all
0268  the disabled symbols: the easiest solution is to edit the DEF files manually
0269  to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
0271  Another cause is if you missed or ignored the errors about missing numbers
0272  mentioned above.
0274  If you get warnings in the code then the compilation will halt.
0276  The default Makefile for Win32 halts whenever any warnings occur. Since VC++
0277  has its own ideas about warnings which don't always match up to other
0278  environments this can happen. The best fix is to edit the file with the
0279  warning in and fix it. Alternatively you can turn off the halt on warnings by
0280  editing the CFLAG line in the Makefile and deleting the /WX option.
0282  You might get compilation errors. Again you will have to fix these or report
0283  them.
0285  One final comment about compiling applications linked to the OpenSSL library.
0286  If you don't use the multithreaded DLL runtime library (/MD option) your
0287  program will almost certainly crash because malloc gets confused -- the
0288  OpenSSL DLLs are statically linked to one version, the application must
0289  not use a different one.  You might be able to work around such problems
0290  by adding CRYPTO_malloc_init() to your program before any calls to the
0291  OpenSSL libraries: This tells the OpenSSL libraries to use the same
0292  malloc(), free() and realloc() as the application.  However there are many
0293  standard library functions used by OpenSSL that call malloc() internally
0294  (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
0295  rely on CRYPTO_malloc_init() solving your problem, and you should
0296  consistently use the multithreaded library.
0298  Linking your application
0299  ------------------------
0301  If you link with static OpenSSL libraries [those built with ms/nt.mak],
0302  then you're expected to additionally link your application with
0303  WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
0304  non-interactive service applications might feel concerned about linking
0305  with the latter two, as they are justly associated with interactive
0306  desktop, which is not available to service processes. The toolkit is
0307  designed to detect in which context it's currently executed, GUI,
0308  console app or service, and act accordingly, namely whether or not to
0309  actually make GUI calls. Additionally those who wish to
0310  /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them
0311  off service process should consider implementing and exporting from
0312  .exe image in question own _OPENSSL_isservice not relying on USER32.DLL.
0313  E.g., on Windows Vista and later you could:
0315         __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
0316         {   DWORD sess;
0317             if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
0318                 return sess==0;
0319             return FALSE;
0320         }
0322  If you link with OpenSSL .DLLs, then you're expected to include into
0323  your application code small "shim" snippet, which provides glue between
0324  OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
0325  reference page for further details.