编译curl以及各类ssl参数

Building from git

If you get your code off a git repository instead of a release tarball, see the GIT-INFO file in the root directory for specific instructions on how to proceed.

Unix

A normal Unix installation is made in three or four steps (after you've unpacked the source archive):

./configure
make
make test (optional)
make install

You probably need to be root when doing the last command.
Get a full listing of all available configure options by invoking it like:

./configure --help

If you want to install curl in a different file hierarchy than /usr/local, specify that when running configure:

./configure --prefix=/path/to/curl/tree

If you have write permission in that directory, you can do 'make install' without being root. An example of this would be to make a local install in your own home directory:

./configure --prefix=$HOME
make
make install

The configure script always tries to find a working SSL library unless explicitly told not to. If you have OpenSSL installed in the default search path for your compiler/linker, you don't need to do anything special. If you have OpenSSL installed in /usr/local/ssl, you can run configure like:

./configure --with-ssl

If you have OpenSSL installed somewhere else (for example, /opt/OpenSSL) and you have pkg-config installed, set the pkg-config path first, like this:

env PKG_CONFIG_PATH=/opt/OpenSSL/lib/pkgconfig ./configure --with-ssl

Without pkg-config installed, use this:
./configure --with-ssl=/opt/OpenSSL
If you insist on forcing a build without SSL support, even though you may have OpenSSL installed in your system, you can run configure like this:
./configure --without-ssl
If you have OpenSSL installed, but with the libraries in one place and the header files somewhere else, you have to set the LDFLAGS and CPPFLAGS environment variables prior to running configure. Something like this should work:

CPPFLAGS="-I/path/to/ssl/include" LDFLAGS="-L/path/to/ssl/lib" ./configure

If you have shared SSL libs installed in a directory where your run-time linker doesn't find them (which usually causes configure failures), you can provide the -R option to ld on some operating systems to set a hard-coded path to the run-time linker:

LDFLAGS=-R/usr/local/ssl/lib ./configure --with-ssl

More Options

To force a static library compile, disable the shared library creation by running configure like:

./configure --disable-shared

To tell the configure script to skip searching for thread-safe functions, add an option like:

./configure --disable-thread

If you're a curl developer and use gcc, you might want to enable more debug options with the --enable-debug option.
curl can be built to use a whole range of libraries to provide various useful services, and configure will try to auto-detect a decent default. But if you want to alter it, you can select how to deal with each individual library.

Select TLS backend

The default OpenSSL configure check will also detect and use BoringSSL or libressl.

• GnuTLS: --without-ssl --with-gnutls.
• Cyassl: --without-ssl --with-cyassl
• NSS: --without-ssl --with-nss
• PolarSSL: --without-ssl --with-polarssl
• mbedTLS: --without-ssl --with-mbedtls
• axTLS: --without-ssl --with-axtls
• schannel: --without-ssl --with-winssl
• secure transport: --without-ssl --with-darwinssl

Windows

Building Windows DLLs and C run-time (CRT) linkage issues

As a general rule, building a DLL with static CRT linkage is highly discouraged, and intermixing CRTs in the same app is something to avoid at any cost.
Reading and comprehending Microsoft Knowledge Base articles KB94248 and KB140584 is a must for any Windows developer. Especially important is full understanding if you are not going to follow the advice given above.

• How To Use the C Run-Time
• How to link with the correct C Run-Time CRT library
• Potential Errors Passing CRT Objects Across DLL Boundaries

If your app is misbehaving in some strange way, or it is suffering from memory corruption, before asking for further help, please try first to rebuild every single library your app uses as well as your app using the debug multithreaded dynamic C runtime.
If you get linkage errors read section 5.7 of the FAQ document.

MingW32

Make sure that MinGW32's bin dir is in the search path, for example:

set PATH=c:\mingw32\bin;%PATH%

then run mingw32-make mingw32 in the root dir. There are other make targets available to build libcurl with more features, use:

• mingw32-make mingw32-zlib to build with Zlib support;
• mingw32-make mingw32-ssl-zlib to build with SSL and Zlib enabled;
• mingw32-make mingw32-ssh2-ssl-zlib to build with SSH2, SSL, Zlib;
• mingw32-make mingw32-ssh2-ssl-sspi-zlib to build with SSH2, SSL, Zlib and SSPI support.

If you have any problems linking libraries or finding header files, be sure to verify that the provided "Makefile.m32" files use the proper paths, and adjust as necessary. It is also possible to override these paths with environment variables, for example:

set ZLIB_PATH=c:\zlib-1.2.8
set OPENSSL_PATH=c:\openssl-1.0.2c
set LIBSSH2_PATH=c:\libssh2-1.6.0

It is also possible to build with other LDAP SDKs than MS LDAP; currently it is possible to build with native Win32 OpenLDAP, or with the Novell CLDAP SDK. If you want to use these you need to set these vars:

set LDAP_SDK=c:\openldap
set USE_LDAP_OPENLDAP=1

or for using the Novell SDK:

set USE_LDAP_NOVELL=1

If you want to enable LDAPS support then set LDAPS=1.

Cygwin

Almost identical to the unix installation. Run the configure script in the curl source tree root with sh configure. Make sure you have the sh executable in /bin/ or you'll see the configure fail toward the end.
Run make

Borland C++ compiler

Ensure that your build environment is properly set up to use the compiler and associated tools. PATH environment variable must include the path to bin subdirectory of your compiler installation, eg: c:\Borland\BCC55\bin
It is advisable to set environment variable BCCDIR to the base path of the compiler installation.

set BCCDIR=c:\Borland\BCC55

In order to build a plain vanilla version of curl and libcurl run the following command from curl's root directory:

make borland

To build curl and libcurl with zlib and OpenSSL support set environment variables ZLIB_PATH and OPENSSL_PATH to the base subdirectories of the already built zlib and OpenSSL libraries and from curl's root directory run command:

make borland-ssl-zlib

libcurl library will be built in 'lib' subdirectory while curl tool is built in 'src' subdirectory. In order to use libcurl library it is advisable to modify compiler's configuration file bcc32.cfg located in c:\Borland\BCC55\bin to reflect the location of libraries include paths for example the '-I' line could result in something like:

-I"c:\Borland\BCC55\include;c:\curl\include;c:\openssl\inc32"

bcc3.cfg -L line could also be modified to reflect the location of of libcurl library resulting for example:

-L"c:\Borland\BCC55\lib;c:\curl\lib;c:\openssl\out32"

In order to build sample program simple.c from the docs\examples subdirectory run following command from mentioned subdirectory:

bcc32 simple.c libcurl.lib cw32mt.lib

In order to build sample program simplessl.c an SSL enabled libcurl is required, as well as the OpenSSL libeay32.lib and ssleay32.lib libraries.
In order to build sample program sslbackend.c, an SSL enabled libcurl is required.

Disabling Specific Protocols in Windows builds

The configure utility, unfortunately, is not available for the Windows environment, therefore, you cannot use the various disable-protocol options of the configure utility on this platform.
However, you can use the following defines to disable specific protocols:

• HTTP_ONLY disables all protocols except HTTP
• CURL_DISABLE_FTP disables FTP
• CURL_DISABLE_LDAP disables LDAP
• CURL_DISABLE_TELNET disables TELNET
• CURL_DISABLE_DICT disables DICT
• CURL_DISABLE_FILE disables FILE
• CURL_DISABLE_TFTP disables TFTP
• CURL_DISABLE_HTTP disables HTTP
• CURL_DISABLE_IMAP disables IMAP
• CURL_DISABLE_POP3 disables POP3
• CURL_DISABLE_SMTP disables SMTP

If you want to set any of these defines you have the following options:

• Modify lib/config-win32.h
• Modify lib/curl_setup.h
• Modify winbuild/Makefile.vc
• Modify the "Preprocessor Definitions" in the libcurl project

Note: The pre-processor settings can be found using the Visual Studio IDE under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later versions.

Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds

In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack it is necessary to make definition of preprocessor symbol USE_LWIPSOCK visible to libcurl and curl compilation processes. To set this definition you have the following alternatives:

• Modify lib/config-win32.h and src/config-win32.h
• Modify winbuild/Makefile.vc
• Modify the "Preprocessor Definitions" in the libcurl project

Note: The pre-processor settings can be found using the Visual Studio IDE under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later versions.
Once that libcurl has been built with BSD-style lwIP TCP/IP stack support, in order to use it with your program it is mandatory that your program includes lwIP header file <lwip/opt.h> (or another lwIP header that includes this) before including any libcurl header. Your program does not need the USE_LWIPSOCK preprocessor definition which is for libcurl internals only.
Compilation has been verified with lwIP 1.4.0 and contrib-1.4.0.
This BSD-style lwIP TCP/IP stack support must be considered experimental given that it has been verified that lwIP 1.4.0 still needs some polish, and libcurl might yet need some additional adjustment, caveat emptor.

Important static libcurl usage note

When building an application that uses the static libcurl library on Windows, you must add -DCURL_STATICLIB to your CFLAGS. Otherwise the linker will look for dynamic import symbols.

Legacy Windows and SSL

WinSSL (specifically SChannel from Windows SSPI), is the native SSL library in Windows. However, WinSSL in Windows <= XP is unable to connect to servers that no longer support the legacy handshakes and algorithms used by those versions. If you will be using curl in one of those earlier versions of Windows you should choose another SSL backend such as OpenSSL.

Apple iOS and Mac OS X

On modern Apple operating systems, curl can be built to use Apple's SSL/TLS implementation, Secure Transport, instead of OpenSSL. To build with Secure Transport for SSL/TLS, use the configure option --with-darwinssl. (It is not necessary to use the option --without-ssl.) This feature requires iOS 5.0 or later, or OS X 10.5 ("Leopard") or later.
When Secure Transport is in use, the curl options --cacert and --capath and their libcurl equivalents, will be ignored, because Secure Transport uses the certificates stored in the Keychain to evaluate whether or not to trust the server. This, of course, includes the root certificates that ship with the OS. The --cert and --engine options, and their libcurl equivalents, are currently unimplemented in curl with Secure Transport.
For OS X users: In OS X 10.8 ("Mountain Lion"), Apple made a major overhaul to the Secure Transport API that, among other things, added support for the newer TLS 1.1 and 1.2 protocols. To get curl to support TLS 1.1 and 1.2, you must build curl on Mountain Lion or later, or by using the equivalent SDK. If you set the MACOSX_DEPLOYMENT_TARGET environmental variable to an earlier version of OS X prior to building curl, then curl will use the new Secure Transport API on Mountain Lion and later, and fall back on the older API when the same curl binary is executed on older cats. For example, running these commands in curl's directory in the shell will build the code such that it will run on cats as old as OS X 10.6 ("Snow Leopard") (using bash):

export MACOSX_DEPLOYMENT_TARGET="10.6"
./configure --with-darwinssl
make

Cross compile

Download and unpack the curl package.
'cd' to the new directory. (e.g. cd curl-7.12.3)
Set environment variables to point to the cross-compile toolchain and call configure with any options you need. Be sure and specify the --host and --build parameters at configuration time. The following script is an example of cross-compiling for the IBM 405GP PowerPC processor using the toolchain from MonteVista for Hardhat Linux.

#! /bin/sh
export PATH=$PATH:/opt/hardhat/devkit/ppc/405/bin
export CPPFLAGS="-I/opt/hardhat/devkit/ppc/405/target/usr/include"
export AR=ppc_405-ar
export AS=ppc_405-as
export LD=ppc_405-ld
export RANLIB=ppc_405-ranlib
export CC=ppc_405-gcc
export NM=ppc_405-nm
./configure --target=powerpc-hardhat-linux
    --host=powerpc-hardhat-linux
    --build=i586-pc-linux-gnu
    --prefix=/opt/hardhat/devkit/ppc/405/target/usr/local
    --exec-prefix=/usr/local

You may also need to provide a parameter like --with-random=/dev/urandom to configure as it cannot detect the presence of a random number generating device for a target system. The --prefix parameter specifies where curl will be installed. If configure completes successfully, do make and make install as usual.
In some cases, you may be able to simplify the above commands to as little as:

./configure --host=ARCH-OS 

from https://curl.haxx.se/docs/install.html