[openssl-users] Windows Compile Fails

Michael Wojcik Michael.Wojcik at microfocus.com
Fri Jun 19 21:44:27 UTC 2015 

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Jay Foster
> Sent: Friday, June 19, 2015 17:31
> 
> I see OpenSSL build output that looks like this:
> 
>          cl /Fotmp32dll\a_sign.obj  -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2
> -DOPENSSL
> _THREADS  -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -
> DOPENSSL_SYSNAME_WIN32
> -DWIN32_L
> EAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -
> DOPENSSL_USE_APPLINK
> -I. -DO
> PENSSL_NO_IDEA -DOPENSSL_NO_RC2 -DOPENSSL_NO_RC5 -
> DOPENSSL_NO_MD2
> -DOPENSSL_NO_S
> SL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE
> -DOPENSSL_NO_STATIC_E
> NGINE /Zi /Fdtmp32dll/lib -D_WINDLL  -DOPENSSL_BUILD_SHLIBCRYPTO -c
> .\crypto\asn
> 1\a_sign.c
> a_sign.c
> 
> Should the "/MD" be "/MT"?

Probably not. This depends on other considerations that are outside the scope of statically or dynamically linking OpenSSL itself. /MD tells VC to put a reference to the DLL version of the Microsoft C Runtime (CRT) into the object file; /MT tells VC to put a reference to the static version of the CRT in. Usually even static libraries should be linked with the DLL version of the CRT, unless you know the final executable will always be linked with the static CRT.

> Is -DOPENSSL_BUILD_SHLIBCRYPTO right?

Not sure.

> is -D_WINDLL right?

Probably. Again, even with OpenSSL built for static linking, it's usually best to tell VC that you're building for eventual dynamic linking, if the final executable will have a mix of static and dynamic objects.

> Do I need to specify enable-static-engine

No, unless you know you're using one or more engines, and you know you need them linked statically rather than loaded dynamically. Start by assuming no.

The engine feature supports external cryptographic providers. Those can be software systems like Microsoft's Crypto API, or hardware systems like card readers that use the PKCS#11 API. Modern versions of OpenSSL load engines dynamically, on request; enable-static-engine links them in statically instead.

> or no-dso?

I don't know what that option does, off the top of my head. Doesn't look like our build uses it.


-- 
Michael Wojcik
Technology Specialist, Micro Focus

More information about the openssl-users mailing list