...someplace, where there isn't any trouble? Do you suppose there is such a place, Toto?

Building OpenSSL 3.1.4 for Android with the MS Visual Studio 2022 native toolchain and cygwin

Building OpenSSL has gotten really easy these days and a lot of arcane things that I had to do to build version 1.1.x with cygwin and Visual Studio 2017 or version 1.0.2x are now a thing of the past. However, one thing I first had to do to build version  3.1.4 for android was updating cygwin to a more recent version than in the past, because  the old version I used before has some trouble using the configure script from version 3.1.x, most probably because the version of perl was too old. So I installed the most  current x64 version of cygwin at the time of writing  (3.4.9) into c:\cygwin64 and besides from a default install I added the following components  to the install:

automake, patch, perl, dos2unix, make, makedepend

You can download the full list of components in my cygwin installation here.

Since the build scripts for OpenSSL on Linux make heavy use of symbolic links for header files, you should also turn on "Developer Mode" on your build and development host (which should be Windows 10 10.0.15063 or later), otherwise the build scripts cannot be executed successfully by a standard user. From Windows 10 10.0.15063 on, symbolic links can be created on Windows machines without administrative permissions if the box is running in "Developer Mode".

In the following I assume that cygwin is installed into c:\cygwin64. In case your installation directory is different, set an environment variable named "CYGWIN_PATH" that points to your installation directory of cygwin prior to invocation of my build scripts, or edit the file named createcfg.bat among the script files in the zip for this article and set the value of "INTERNAL_CYGWIN_PATH" in this file to your cygwin installation path.

I further assume that the NDK that comes with Visual Studio 2022 is installed in c:\Microsoft\AndroidNDK\android-ndk-r23c. In case it is someplace else, set an environment variable named "OPENSSL_ANDROID_NDK_ROOT" that points to your NDK installation prior to invocation of my build scripts, or edit the file named createcfg.bat among the script files in the zip for this article and set the value of "INTERNAL_OPENSSL_ANDROID_NDK_ROOT" in this file to your NDK installation path.

In  order to build version 3.1.4 of OpenSSL for Android first download this zip file containing my scripts onto your Windows box with Visual Studio 2022 and the native Android build tools installed. Unpack the file into a directory and a subdirectory named "androidopenssl3.1.x" will be created. Open a command prompt and navigate into this directory. Now download version 3.1.4 of OpenSSL here (in case this link doesn't work, try this one which should point to the archive of old builds) and copy it into that directory as well.

After all that, run the build.bat batch file within the command prompt and sit back. On my Ryzen 5 5600X it takes something like 25 minutes to build the whole shebang. You will find 4 subdirectories (arm, arm64, x86 and x86_64) for the 4 supported processor architectures that each contain a directory with the name of the openssl file name (without the extension tar.gz, so in case of version 3.1.4 of OpenSSL this directory name is "openssl-3.1.4"). Within that directory you will find libssl.a and libcrypto.a built for the corresponding processor architecture.

In case you would want to build dynamic libraries as well, edit the file buildplatform.sh and remove "-no-shared" from the configure options.

And finally: If you want to build a newer version of OpenSSL than 3.1.4, download its tarball into the directory where you unpacked the build scripts and change the value of "OPENSSL_VERSION" in createcfg.bat from "openssl-3.1.4" to the name of your tarball (but without the extension ".tar.gz"). Do the same for "ANDROID_API" (which is set to the value 23 in my scripts) if you want to target a different Android API version than 23.

 The license for these shell scripts of mine is the same as for OpenSSL, so nothing should change for you.


Building OpenSSL 3.1.3 for iOS and iPadOS

In order to keep up-to-date I have  rewritten my scripts for an OpenSSL build for iOS/iPadOS. You can find them here and here. Download these files into an empty directory on your Mac and add a decent OpenSSL tarball into this  directory. After that execute

chmod +x build.sh

in this directory followed by


In case you want to build a newer or different version of OpenSSL 3.1x, edit build.sh and change the value for OPENSSLVERSION on line  4 which currently looks like this:


 Change this line to the file name of your tarball without the trailing .tar.gz extension.

I do not know if these scripts also work on an ARM based Mac, I am still working with an Intel based Mac running Mac OS Ventura with XCode  14.3.1. These scripts only build libraries for the two remaining processor architectures relevant for iOS/iPadOS today: x64 and arm64.

The license for these shell scripts of mine is the same as for OpenSSL, so nothing should change for you.


"True story, true story!"

There are two jazz musicians who are great buddies. They hang out and play together for years, virtually inseparable. Unfortunately, one of them is struck by a truck and killed. About a week later his friend wakes up in the middle of the night with a start because he can feel a presence in the room. He calls out, "Who's there?  Who's there?  What's going on?" "It's me  --Bob," replies a faraway voice. Excitedly he sits up in bed. "Bob!  Bob!  Is that you?  Where are you?" "Well," says the voice, "I'm in heaven now." "Heaven!  You're in heaven!  That's wonderful!  What's it like?" "It's great, man. I gotta tell you, I'm jamming up here every day. I'm playing with Bird, and 'Trane, and Count Basie drops in all the time! Man it is smokin'!" "Oh, wow!" says his friend. "That sounds fantastic, tell me more, tell me more!" "Let me put it this way," continues the voice. "There's good news and bad news. The good news is that these guys are in top form. I mean I have *never* heard them sound better. They are *wailing* up here." "The bad news is that God has this girlfriend that sings..."

Building OpenSSL 1.1.1 for Android on Windows with the Visual Studio 2017 native toolchain and cygwin


Disclaimer: The build scripts outlined in this post have been created in my own spare time. The license of the code is the same license as is used for OpenSSL.

A while ago I wrote about Building OpenSSL 1.0.2 for Android on Windows with Visual Studio 2017, and also how to build OpenSSL 1.1.1 for iOS/iPadOS. This time, I will show how to build OpenSSL 1.1.1 for Android on Windows with the Visual Studio 2017 native toolchain and cygwin.

The procedure outlined here produces actually working static or dynamic libraries and has the same prerequisites as in the article before on how to build version 1.0.2 of the libraries, but with one addition: The cygwin install will also require the installation of gnu make and patch.


Using the scripts

In order to use the scripts I have written, follow theses steps:

  • Make sure all preconditions are fulfilled, as described above (cygwin with make and patch) and in the article on building version 1.0.2
  • Unpack the zip File (Download) into a writable directory, make sure that you have the "Change permissions" right for the directory and all its files and subdirectories granted, otherwise the calls to chmod in the build scripts will fail (cygwin places some strange NULL SID ACEs into the DACL of files that are granted execution right using chmod which requires the "Change permissions" access right)
  • Download openssl-1.1.1l.tar.gz from openssl.org (Download) and copy it into the directory created in the previous step.
  • Open a windows command prompt and change the current directory to the directory from the above steps
  • Execute "build.bat" and wait
  • Find the header files or the build under platform specific subdirectories like arch-x86, arch-arm in the subdirectory openssl-1.1.1l/include and find the libraries (libcrypto.a, libssl.a, libcrypto.so and libssl.so) directly in the subdirectory openssl-1.1.1l.
If you need some more information on how the build scripts work, please refer to my article on building OpenSSL 1.0.2, the very same basic principles apply here as well. In case you want to build a newer version of OpenSSL than version  1.1.1.l, all you have to do is change the reference to the name of the openssl tarball in buildplatform.sh in the following line:
By default the build scripts only build the static libraries libcrypto.a and libssl.a. If you want to create the dynamic libaries as well (i.e. libcrypto.so and libssl.so) locate the following lines in buildplatform.sh:
# in order to build with dynamic libraries (i.e. libcrypto.so and libssl.so in addition to
# only libcrypto.a and libssl.a, remove the -no-shared flag from the following command line:
perl Configure $SSL_TARGET $OPTIONS $ADD_CFLAGS -I$NDK_PATH/sysroot/usr/include/$TRIBLE $ADD_LIB_FLAGS -no-shared
Follow the advise of the comment and remove the -no-shared flag, rebuild and you will also get the shared libraries.


Building OpenSSL 1.1.1 for iOS

Building OpenSSL for iOS has never been easier than with version 1.1.1. Required software for this purpose is a decent Mac with XCode and XCode command line tools installed. I have wrapped the build process into two shell scripts here and here. Download your version of OpenSSL 1.1.1 here and place the tarball you have downloaded alongside these two shell scripts in a directory on your mac. Then open a terminal, navigate into this directory and execute this in order to make the shell script executable:

chmod +x build.sh

At the time this post was written, version 1.1.1i of OpenSSL was the most recent version, so if you have downloaded a newer version than that, edit build.sh and locate line 4 which looks like this:


change the value of this string to the name of the OpenSSL tarball you have without the trailing ".tar.gz".

After that, execute the buildscript on the command line:


This will really take some time, be prepared for half an hour or longer. At the very end, you will get a subdirectory with a multiplatform version (i386, x86_64, armv7, armv7s, arm64) of libssl.a and libcrypto.a in the "build/lib" subdirectory. The subdirectory "build" also contains the relevant header files in individual subdirectories for the different platforms.

 The license for these shell scripts of mine is the same as for OpenSSL, so nothing should change for you.





1 2 3 4 5 6 7 8 9 10 11 ... 47 >>