(by Brian Wilson, 6/4/07) - GREEN UPDATES on 8/8/2016
(Read
a personal
description of Backblaze here.)
OpenSSL is a free, redistributable library that is used widely by many organizations to provide cryptography support. For example, the free library libCURL uses OpenSSL to implement HTTPS (SSL over HTTP) support. RedHat Linux and Macintosh both ship OpenSSL in their default distributions world wide, so the current distribution (and testing base) is somewhere in the *millions* of units to every country on the planet. The official OpenSSL website is here: http://www.openssl.org I am just a fan of using this technology, I'm not associated with the official website or authors at all.
Free, cross-platform (Windows, Macintosh, Linux!) redistributable cryptography, based on YEARS of work by these programmers for no apparent gain, fully redistributable world-wide!! OpenSSL is an AMAZING achievement, I'm so glad it is available! I have used it at several companies, including two startups, so the ability to get this for free and then redistribute it is truly wonderful! I have benefited both by saving time AND by making a lot of money by using OpenSSL. -- Brian Wilson, 6/4/07
The "library" portion of OpenSSL (the part you link with your
applications) consists of two libraries. On Linux and on Macintosh these are:
libssl.a and libcrypto.a, while on Windows they are named completely different:
libeay32.a and ssleay32.a (nobody but the authors know why they would diverge
like that). UPDATE 8/30/2010 - a hint might be the the author of
libeay32.a is Eric Young (thanks to David Horton for pointing that out!)
The lowest level is libssl.a which implements SSL (Secure Socket Layer). The
other library is called libcrypto.a and implements a wide range of cryptographic
algorithms (think OpenPGP). You can compile these two libraries statically (.a)
or they can be dynamically linked like libcrypto.so on Linux, and
libcrypto.dylib and libssl.dylib on the Macintosh.
I couldn't get OpenSSL to build in the Backblaze build tree environment directly, which is actually Ok because that means I don't mix my code in with the OpenSSL code, and proves I can link with any version of OpenSSL. What I do is build it once for 32 bit (and carefully repeat for a 64 bit version), and check in the libraries into a "prebuilt" directory in SVN (source code control). The headers get checked into a standard location in my tree that ends with ...\thirdpartylibs\openssl
NOTE: I choose to link statically with the one version of
OpenSSL checked into my source tree, so that there is absolutely no confusion
which version is run. If you run the wrong .dll (.so) version your application can
crash, or won't even launch (!) or worse have security issues. The version
I compile against in my tree is the one I test with, and as new releases come
out I can update them in my source tree then test before releasing to customers.
UNFORTUNATE NOTE ABOUT MACINTOSH: I could not get the OpenSSL libraries to
compile on the Mac, so in the short term I am linking against the shared OpenSSL libraries that ship on the Mac by default. I would like to fix this for
the reasons stated above, but for now this allows me to move on to other work.
Requirements not covered in this webpage:
1) You need Perl from
http://www.activestate.com/ActivePerl
2)
Microsoft Visual Studio 2015 probably from
here.
// OBSOLETE--> - Microsoft Visual Studio 8 (also known as VS2005 or VS ".Net")
3) A "gunzip" and "tar" tool that aren't standard on Microsoft
Windows
The file is called openssl-1.0.2d.tar.gz and the instructions to build it on Windows with Visual Studio 2015 are found in the file INSTALL.W64 (for 64 bit version) found at the top level of the OpenSSL distribution. Below are the commands I typed in a completely standard command prompt (cmd.exe) window. DO NOT USE cygwin shells, they will not work!!
4A.1 gunzip openssl-1.0.2d.tar.gz
4A.2 tar -xvf openssl-1.0.2d.tar
4A.3 cd openssl-1.0.2d (the rest of the commands are done INSIDE here)
The default install for Microsoft Visual Studio doesn't include the environment variables to run Visual Studio from the command line. The authors of OpenSSL prefer to work from the command line, so we adapt here. You only really need two little executables called "ml.exe" and "nmake" which ship with Visual Studio, but here are the commands I typed to set this up. Below are the commands I typed (remember, these are in the same completely standard Windows command prompt, cygwin shells will not work for this!!) THESE INSTRUCTIONS ARE FOR THE 64 BIT VERSION. SEE THE VERSION IN MAGENTA for 32 bit!!
4B.1 "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86_amd64
(Notice the double quotes to help this run correctly.)
4B.1 "C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\Tools\vsvars32.bat"
(Notice the double quotes to help this run correctly.)
OpenSSL doesn't ship ready to compile. The idea is that you run a perl script that automatically modifies the ".h" files to work properly, THEN you compile. Below are the commands I typed to run the perl step.
4C.1 mkdir c:\tmp_open_ssl
4C.2 perl Configure VC-WIN64A --prefix=c:\tmp_open_ssl
(This says place all the finished installed output in /tmp_open_ssl.)
4C.2 perl Configure VC-WIN32 no-asm --prefix=c:\tmp_open_ssl
(This says place all the finished installed output in /tmp_open_ssl.)
4C.3 ms\do_win64a
(This configures OpenSSL to compile some stuff using Microsoft Visual Studio Assembler)
4C.3 ms\do_ms
(This configures OpenSSL to compile some stuff using Microsoft Visual Studio Assembler)
Below are the commands I typed to build OpenSSL with Visual Studio 2015 on Windows 10
4D.1 nmake -f ms\nt.mak
(if you want DLLs, then use "ms\ntdll.mak")
NOTE: IF YOU GET THIS ERROR: ... an error linking because link.exe complains
that MSPDB140.dll has the wrong version installed....
then as Admin copy this file:
Src: C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\mspdbsrv.dll
Dest: C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\
4D.2 nmake -f ms\nt.mak install
For reasons I stated above, now I copy the two libraries, plus the include files into my build tree to isolate me from everything else. Below are the commands I typed:
4E.1 mkdir C:\tree\trunk\thirdpartylibs\openssl
(This just happens to be where I will put the include files in my build tree)
4E.2 cp C:\tmp_open_ssl\include\openssl\* C:\tree\trunk\thirdpartylibs\openssl
FOR 64 BIT -> 4E.3 cp C:\tmp_open_ssl\lib\* C:\tree\trunk\prebuilt\win64
(two files: libeay32.lib and ssleay32.lib - yes it is dumb they are named "32"!!)
FOR 32 BIT -> 4E.3 cp C:\tmp_open_ssl\lib\* C:\tree\trunk\prebuilt\win32
(two files: libeay32.lib and ssleay32.lib)
All Done With Windows!!
Requirements: I did this on a RedHat Enterprise Linux 5 beta 2 machine. Click HERE to see details on that box.
The file is called openssl-0.9.8e.tar.gz and the instructions to build it on most Unix systems are found in the file "INSTALL" found at the top level of the OpenSSL distribution. Below are the commands I typed in a completely standard command prompt (cmd.exe) window.
5A.1 gunzip openssl-0.9.8e.tar.gz
5A.2 tar -xvf openssl-0.9.8e.tar
5A.3 cd openssl-0.9.8e (the rest of the commands are done INSIDE here)
NOTE: some good hints found in the "INSTALL" file (instructions). Below are the commands I typed
5B.1 mkdir /home/brianw/tmp_open_ssl
5B.2 ./config --prefix=/home/brianw/tmp_open_ssl
Below are the commands I typed to build OpenSSL on RedHat Linux.
5C.1 make
5C.2 make install
For reasons I stated above, now I copy the two libraries, plus the include files into my build tree to isolate me from everything else. Below are the commands I typed:
5D.1 cp /home/brianw/tmp_open_ssl/lib/*.a tree/trunk/thirdpartylibs/openssl
(This just happens to be where I will put the include files in my build tree)
5D.2 cp /home/brianw/tmp_open_ssl/lib/*.a .../trunk/prebuilt/linux/
(two files: libcrypto.a libssl.a)
NOTE ABOUT HEADERS: I have a cross platform development environment, which means the SAME TREE compiles without any changes on Windows, Linux, and Macintosh. So I had to combine the header file called "opensslconf.h" that is generated EITHER for linux OR for Windows with a big huge "ifdef _WIN32" so that it works for both platforms. Click here for the copy of that file I hand modified for my particular build environment (search for BRIANW in that file to see the humongous "#ifdef _WIN32".
All Done With Linux!!
XXXXX NOTE: THESE STEPS DO NOT WORK!! I don't think it is possible to get the current release compiled on a Macintosh statically!!! If you come up with a working version, please email me with what steps I did wrong!!!
Requirements: I did this on a Mac Mini Core 2 Duo (x86 box)
The file is called openssl-0.9.8e.tar.gz and the instructions to build it on most Unix systems are found in the file "INSTALL" found at the top level of the OpenSSL distribution. For the Macintosh there is a release note called "PROBLEMS" which describes the step 6C below you must take. Below are the commands I typed in a completely standard command prompt (cmd.exe) window.
6A.1 gunzip openssl-0.9.8e.tar.gz
6A.2 tar -xvf openssl-0.9.8e.tar
6A.3 cd openssl-0.9.8e (the rest of the commands are done INSIDE here)
NOTE: some good hints found in the "INSTALL" file (instructions). Below are the commands I typed
6B.1 mkdir /Users/brianw/tmp_open_ssl
6B.2 ./config --prefix=/Users/brianw/tmp_open_ssl
(These steps are from the file "PROBLEMS" found in the top directory, it is working around a problem with the Mac picking up the libs that SHIP with the Mac that are incompatible!) Below are the special steps I had to take:
6C.1 edit apps/Makefile and test/Makefile and change these two lines:
LIBCRYPTO=-L.. -lcrypto
LIBSSL=-L.. -lssl
into these two lines:
LIBCRYPTO=../libcrypto.a
LIBSSL=../libssl.a
6C.2 NOTE-> I ALSO HAD TO REMOVE TWO TESTS from the Makefile:
the "MDC5TEST" and something like "md5test", the compile
complained saying "no main() defined" (this is on Mac OS X with OpenSSL)
and the ".c" files seem to be empty??
Below are the commands I typed to build OpenSSL on Mac OS X 10.4.
6D.1 make
6D.2 make install
For reasons I stated above, now I copy the two libraries, plus the include files into my build tree to isolate me from everything else. Below are the commands I typed:
6E.1 cp /home/brianw/tmp_open_ssl/lib/*.a ...trunk/prebuilt/linux/
(two files: libcrypto.a libssl.a)
MACINTOSH NOTE: When I try to link against these libraries, there is this
error:
COMPILER LINE (cleaned up for readability):
g++ -g3 bzworker.o install.o ../../bzlibs/bzextra/libbzextra.a
../../thirdpartylibs/zlib/libzlib.a ../../thirdpartylibs/curl/libcurl.a
../../prebuilt/mac/libssl.a ../../prebuilt/mac/libcrypto.a
../../bzlibs/bzbase/libbzbase.a -ldl -lresolv -lpthread -o bzworker
COMPILER ERROR (cleaned up for readability):
/usr/bin/ld: table of contents for archive: ../../prebuilt/mac/libssl.a
is out of date; rerun ranlib(1) (can't load from it)
/usr/bin/ld: table of contents for archive: ../../prebuilt/mac/libcrypto.a
is out of date; rerun ranlib(1) (can't load from it)
collect2: ld returned 1 exit status
make[2]: *** [bzworker] Error 1
make[1]: *** [all] Error 2
make: *** [all] Error 2
So I cannot get this OpenSSL compiled correctly on the Mac. I tried several things that always failed, I always get the above error saying something went wrong with "ranlib". Developing for the Macintosh is very hard, because there are no examples on the web and very VERY few developers and little or no help resources. So if you know how to solve this problem, PLEASE EMAIL ME!! Thanks!
UNFORTUNATE NOTE ABOUT MACINTOSH: I could not get the OpenSSL libraries to compile on the Mac, so in the short term I am linking against the shared OpenSSL libraries that ship on the Mac by default. I would like to fix this for the reasons stated above, but for now this allows me to move on to other work.
All Done With Mac OS X 10.4 and OpenSSL!!
I have not verified these yet, but other users have said these instructions work:
A helpful reader on the internet writes that this will work on the Mac:
$ ./Configure --prefix=/cmc/openssl/openssl-0.9.8i/
--openssldir=/cmc/openssl/openssl-0.9.8i/ darwin-ppc-cc -DUSE_TOD
threads shared no-idea
(Read
a personal
description of Backblaze here.)
Click Here to return to Ski-Epic Home, and Click Here to return to Random Stuff in Brian's Life