diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-07-25 12:21:33 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-07-25 18:58:35 +0200 |
| commit | d333ebaf9c77332754a9d5e111e2f53e1de54fdd (patch) | |
| tree | c3e6dedf493685f8944f024f9eafe1d5f1d887c1 /INSTALL.W32 | |
| parent | 0bc650d58a58a8b4af97639b952eac3558bb982e (diff) | |
Document issue with default installation paths on diverse Windows targets
For all config targets (except VMS, because it has a completely different
set of scripts), '/usr/local/ssl' is the default prefix for installation
of programs and libraries, as well as the path for OpenSSL run-time
configuration.
For programs built to run in a Windows environment, this default is
unsafe, and the user should set a different prefix. This has been hinted
at in some documentation but not all, and the danger of leaving the
default as is hasn't been documented at all.
This change documents the issue as a caveat lector, and all configuration
examples now include an example --prefix.
CVE-2019-1552
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9456)
Diffstat (limited to 'INSTALL.W32')
| -rw-r--r-- | INSTALL.W32 | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/INSTALL.W32 b/INSTALL.W32 index bd10187c32..b97a3d0c7a 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -34,6 +34,17 @@ get it all to work. See the trouble shooting section later on for if (when?) it goes wrong. + CAVEAT LECTOR + ------------- + + ### Default install and config paths + + ./Configure defaults to '/usr/local/ssl' as installation top. This is + suitable for Unix, but not for Windows, where this usually is a world + writable directory and therefore accessible for change by untrusted users. + It is therefore recommended to set your own --prefix or --openssldir to + some location that is not world writeable (see the example above) + Visual C++ ---------- @@ -104,7 +115,7 @@ --------------------- * Configure for building with Borland Builder: - > perl Configure BC-32 + > perl Configure BC-32 --prefix=c:\some\openssl\dir * Create the appropriate makefile > ms\do_nasm @@ -196,7 +207,7 @@ * Compile OpenSSL: - $ ./config + $ ./config --prefix=c:/some/openssl/dir [...] $ make [...] @@ -206,7 +217,11 @@ and openssl.exe application in apps directory. It is also possible to cross-compile it on Linux by configuring - with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'. + like this: + + $ ./Configure --cross-compile-prefix=i386-mingw32- \ + --prefix=c:/some/openssl/dir mingw ... + 'make test' is naturally not applicable then. libcrypto.a and libssl.a are the static libraries. To use the DLLs, @@ -240,6 +255,9 @@ $ copy /b out32dll\libeay32.dll c:\openssl\bin $ copy /b out32dll\openssl.exe c:\openssl\bin + ("c:\openssl" should be whatever you specified to --prefix when + configuring the build) + Of course, you can choose another device than c:. C: is used here because that's usually the first (and often only) harddisk device. Note: in the modssl INSTALL.Win32, p: is used rather than c:. |