123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299 |
- VMS Installation instructions
- written by Richard Levitte
- <richard@levitte.org>
- Intro:
- ======
- This file is divided in the following parts:
- Requirements - Mandatory reading.
- Checking the distribution - Mandatory reading.
- Compilation - Mandatory reading.
- Logical names - Mandatory reading.
- Test - Mandatory reading.
- Installation - Mandatory reading.
- Backward portability - Read if it's an issue.
- Possible bugs or quirks - A few warnings on things that
- may go wrong or may surprise you.
- TODO - Things that are to come.
- Requirements:
- =============
- To build and install OpenSSL, you will need:
- * DEC C or some other ANSI C compiler. VAX C is *not* supported.
- [Note: OpenSSL has only been tested with DEC C. Compiling with
- a different ANSI C compiler may require some work]
- Checking the distribution:
- ==========================
- There have been reports of places where the distribution didn't quite get
- through, for example if you've copied the tree from a NFS-mounted Unix
- mount point.
- The easiest way to check if everything got through as it should is to check
- for one of the following files:
- [.CRYPTO]OPENSSLCONF.H_IN
- [.CRYPTO]OPENSSLCONF_H.IN
- They should never exist both at once, but one of them should (preferably
- the first variant). If you can't find any of those two, something went
- wrong.
- The best way to get a correct distribution is to download the gzipped tar
- file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
- use VMSTAR to unpack the resulting tar file.
- GUNZIP is available in many places on the net. One of the distribution
- points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
- VMSTAR is also available in many places on the net. The recommended place
- to find information about it is http://www.free.lp.se/vmstar/ .
- Compilation:
- ============
- I've used the very good command procedures written by Robert Byer
- <byer@mail.all-net.net>, and just slightly modified them, making
- them slightly more general and easier to maintain.
- You can actually compile in almost any directory separately. Look
- for a command procedure name xxx-LIB.COM (in the library directories)
- or MAKExxx.COM (in the program directories) and read the comments at
- the top to understand how to use them. However, if you want to
- compile all you can get, the simplest is to use MAKEVMS.COM in the top
- directory. The syntax is the following:
- @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
- <option> must be one of the following:
- ALL Just build "everything".
- CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
- BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
- SOFTLINKS Just copies some files, to simulate Unix soft links.
- BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
- RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
- CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
- SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
- SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
- TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
- APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
- <rsaref-p> must be one of the following:
- RSAREF compile using the RSAREF Library
- NORSAREF compile without using RSAREF
- Note 0: The RSAREF library IS NO LONGER NEEDED. The RSA patent
- expires September 20, 2000, and RSA Security chose to make
- the algorithm public domain two weeks before that.
- Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
- and you have to download it. RSA Security doesn't carry it
- any more, but there are a number of places where you can find
- it. You have to get the ".tar-Z" file as the ".zip" file
- doesn't have the directory structure stored. You have to
- extract the file into the [.RSAREF] directory as that is where
- the scripts will look for the files.
- Note 2: I have never done this, so I've no idea if it works or not.
- <debug-p> must be one of the following:
- DEBUG compile with debugging info (will not optimize)
- NODEBUG compile without debugging info (will optimize)
- <compiler> must be one of the following:
- DECC For DEC C.
- GNUC For GNU C.
- You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
- where xxx is VAX or AXP. You will find the SSL library in [.xxx.EXE.SSL],
- named LIBSSL.OLB, and you will find a bunch of useful programs in
- [.xxx.EXE.APPS]. However, these shouldn't be used right off unless it's
- just to test them. For production use, make sure you install first, see
- Installation below.
- Note 1: Some programs in this package require a TCP/IP library.
- Note 2: if you want to compile the crypto library only, please make sure
- you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
- a @MAKEVMS SOFTLINKS. A lot of things will break if you don't.
- Logical names:
- ==============
- There are a few things that can't currently be given through the command
- line. Instead, logical names are used.
- Currently, the logical names supported are:
- OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
- not be used. Instead, plain C implementations are
- used. This is good to try if something doesn't work.
- OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
- will not be implemented. Supported algorithms to
- do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
- SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
- SSL2. So, for example, having the logical name
- OPENSSL_NO_RSA with the value YES means that the
- LIBCRYPTO.OLB library will not contain an RSA
- implementation.
- Test:
- =====
- Testing is very simple, just do the following:
- @[.TEST]TESTS
- If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
- it's an ugly hack!) and rebuild. Please send a bug report to
- <openssl-bugs@openssl.org>, including the output of "openssl version -a"
- and of the failed test.
- Installation:
- =============
- Installation is easy, just do the following:
- @INSTALL <root>
- <root> is the directory in which everything will be installed,
- subdirectories, libraries, header files, programs and startup command
- procedures.
- N.B.: INSTALL.COM builds a new directory structure, different from
- the directory tree where you have now build OpenSSL.
- In the [.VMS] subdirectory of the installation, you will find the
- following command procedures:
- OPENSSL_STARTUP.COM
- defines all needed logical names. Takes one argument that
- tells it in what logical name table to insert the logical
- names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
- call should look like this:
- @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
- OPENSSL_UTILS.COM
- sets up the symbols to the applications. Should be called
- from for example SYS$MANAGER:SYLOGIN.COM
- The logical names that are set up are the following:
- SSLROOT a dotted concealed logical name pointing at the
- root directory.
- SSLCERTS Initially an empty directory, this is the default
- location for certificate files.
- SSLMISC Various scripts.
- SSLPRIVATE Initially an empty directory, this is the default
- location for private key files.
- SSLEXE Contains the openssl binary and a few other utility
- programs.
- SSLINCLUDE Contains the header files needed if you want to
- compile programs with libcrypto or libssl.
- SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB
- and LIBSSL.OLB) themselves.
- OPENSSL Same as SSLINCLUDE. This is because the standard
- way to include OpenSSL header files from version
- 0.9.3 and on is:
- #include <openssl/header.h>
- For more info on this issue, see the INSTALL. file
- (the NOTE in section 4 of "Installation in Detail").
- You don't need to "deleting old header files"!!!
- Backward portability:
- =====================
- One great problem when you build a library is making sure it will work
- on as many versions of VMS as possible. Especially, code compiled on
- OpenVMS version 7.x and above tend to be unusable in version 6.x or
- lower, because some C library routines have changed names internally
- (the C programmer won't usually see it, because the old name is
- maintained through C macros). One obvious solution is to make sure
- you have a development machine with an old enough version of OpenVMS.
- However, if you are stuck with a bunch of Alphas running OpenVMS version
- 7.1, you seem to be out of luck. Fortunately, the DEC C header files
- are cluttered with conditionals that make some declarations and definitions
- dependent on the OpenVMS version or the C library version, *and* you
- can use those macros to simulate older OpenVMS or C library versions,
- by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
- correct values. In the compilation scripts, I've provided the possibility
- for the user to influence the creation of such macros, through a bunch of
- symbols, all having names starting with USER_. Here's the list of them:
- USER_CCFLAGS - Used to give additional qualifiers to the
- compiler. It can't be used to define macros
- since the scripts will do such things as well.
- To do such things, use USER_CCDEFS.
- USER_CCDEFS - Used to define macros on the command line. The
- value of this symbol will be inserted inside a
- /DEFINE=(...).
- USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
- inserted inside a /DISABLE=WARNING=(...).
- So, to maintain backward compatibility with older VMS versions, do the
- following before you start compiling:
- $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
- $ USER_CCDISABLEWARNINGS := PREOPTW
- The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
- that those macros have been changed.
- Note: Currently, this is only useful for library compilation. The
- programs will still be linked with the current version of the
- C library shareable image, and will thus complain if they are
- faced with an older version of the same C library shareable image.
- This will probably be fixed in a future revision of OpenSSL.
- Possible bugs or quirks:
- ========================
- I'm not perfectly sure all the programs will use the SSLCERTS:
- directory by default, it may very well be that you have to give them
- extra arguments. Please experiment.
- TODO:
- =====
- There are a few things that need to be worked out in the VMS version of
- OpenSSL, still:
- - Description files. ("Makefile's" :-))
- - Script code to link an already compiled build tree.
- - A VMSINSTALlable version (way in the future, unless someone else hacks).
- - shareable images (DLL for you Windows folks).
- There may be other things that I have missed and that may be desirable.
- Please send mail to <openssl-users@openssl.org> or to me directly if you
- have any ideas.
- --
- Richard Levitte <richard@levitte.org>
- 2000-02-27
|