1. Introduction

In this tutorial we will compile the mbed TLS cryptography library in the MinGW environment.

MinGW, the Minimalist GNU for Windows, allows you to compile most Posix (Linux, Unix, etc.) programs to run in Microsoft Windows.

mbed TLS itself can be easily compiled with the native Windows compiler. But if mbed TLS is used as part of a (for instance) Linux project that you would like to port to MinGW, you need to have a MinGW compiled version of mbed TLS.

2. Install MinGW

If you haven't already installed MinGW start by downloading the installer (mingw-get-inst.exe) from Sourceforge and running it. For this tutorial I have used the default install location: c:\MinGW.

Before using the MinGW environment you have to set the path to the mingw\bin directory. For Windows 7 you can set this permanently through: Control Panel / User Accounts / Change my environment variables. Add c:\MinGW\bin to the path variable. You will need administrator privileges to be able to do this.

To set the path for each session you can start a command prompt and type:

set PATH=C:\MinGW\bin;%PATH%"

Do not close the command window yet, we will be using it in this tutorial !

3. Install Perl (optional)

An important part of mbed TLS is that it is accompanied by a large set of unit tests (6000+ items). The test programs are generated by a Perl script. In order to build this part of mbed TLS we need a Perl environment. The easiest way to do this is by installing one of the binary distributions like ActiveState Perl or Strawberry Perl. Alternatively you could compile Perl from source in MinGW !

If you choose not to install Perl, you will only be able to run a smaller set of tests.

4. Download mbed TLS

Download the latest version of mbed TLS. To unpack this file you can use a tool like 7-zip. For this tutorial I am unpacking to c:\MinGW\projects. You should end up with a directory C:\MinGW\projects\mbedtls-x.y.z.

5. Build mbed TLS

Now we are ready to build mbed TLS. Go back to the command window where you set the MinGW\bin path. Change directory into the c:\mingw\projects\mbedtls-x.y.z folder.

cd c:\mingw\projects\mbedtls-x.y.z

MinGW uses a slightly different make command. Also, the mbed TLS makefiles need to know we are building for the Windows platform so that it can adjust the linker flags.

mingw32-make CC=gcc

Alternatively, you can type mingw32-make WINDOWS=1 but then you will need to re-type WINDOWS=1 with every single invocation of mingw32-make, while the above version works for an entire shell session.

Optionally you can check that mbed TLS works correctly by entering:

mingw32-make CC=gcc check

If you chose not to install Perl, then you can skip building the full suite of unit tests by using the following build command:

mingw32-make CC=gcc no_test

You'll then be able to run a much more minimal set of unit test with


6. Use mbed TLS

We can now use some of the utility programs that come with mbed TLS, like:

programs\ssl\ssl_client2 server_name=www.google.nl server_port=443


You should see some html output and something like this:

Selftest output

If you installed Perl and built the tests, to run the individual test suites you could run any of the executables in the tests directory. Enter for example:


To link mbed TLS with your own programs you can add the paths to the mbedtls\include and mbedtls\library directories to your project.

7. Conclusion

This tutorial showed how to set mbed TLS in MinGW.

Did this help?