Configuration Options Purpose

--prefix=DIR This option installs OpenSSL in the DIR directory. It creates subdirectories such as DIR/lib, DIR/bin, DIR/include/ openssl. The configuration files are stored in DIR/ssl unless you use the - -openssldir option to specify this directory.

--openssldir=DIR This option specifies the configuration files directory. If the -prefix option isn't used, all files are stored in this directory.

This option forces building of the RSAREF toolkit. To use the RSAREF toolkit, make sure you have the RSAREF library (librsaref.a) in your default library search path.

This option disables support for multithreaded applications.

This option enables support for multithreaded applications.

This option disables the creation of a shared library.

This option enables the creation of a shared library.

This option disables the use of assembly code in the source tree. Use this option only if you are experiencing problems in compiling OpenSSL.

Use this only if you are compiling OpenSSL on an Intel 386 machine. (Not recommended for newer Intel machines.)

OpenSSL uses many cryptographic ciphers such as bf, cast, des, dh, dsa, hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, and sha. If you want to exclude a particular cipher from the compiled binaries, use this option.

-Dxxx, -lxxx, -Lxxx, These options enable you to specify various system-dependent -fxxx, -Kxxx options. For example, Dynamic Shared Objects (DSO) flags, such as -fpic, -fPIC, and -KPIC can be specified on the command line. This way one can compile OpenSSL libraries with Position Independent Code (PIC), which is needed for linking it into DSOs.

Most likely you won't need any of these options to compile OpenSSL. However, if you have problems compiling it, you can try some of these options with appropriate values. For example, if you can't compile because OpenSSL complains about missing library files, try specifying the system library path using the -L option.

Rsaref no-threads threads no-shared

Shared no-asm


After you have run the config script without any errors, run the make utility. If the make command is successful, run make test to test the newly built binaries. Finally, run make install to install OpenSSL in your system.

If you have problems compiling OpenSSL, one source of the difficulty may be a library-file mismatch — not unusual if the latest version of software like OpenSSL is being installed on an old Linux system. Or the problem may be caused by an option, specified in the command line,that's missing an essential component. For example, if you don't have the RSAREF library (not included in Red Hat Linux) installed on your system and you are trying to use the rsaref option,the compilation fails when it tries to build the binaries. Here some traditional programming wisdom comes in handy: Make sure you know exactly what you're doing when you use specific options. If neither of these approaches resolves the problem, try searching the OpenSSL FAQ page at Or simply install the binary RPM package for OpenSSL.

Was this article helpful?

0 0

Post a comment