Compiling Mbed TLS in MinGW
This page explains how to compile the Mbed TLS cryptography library in the MinGW environment and the Windows command prompt.
MinGW, Minimalist GNU for Windows, allows you to compile most Posix (Linux, Unix, and so on) programs to run on Microsoft Windows.
You can compile Mbed TLS in the native Windows compiler. However, if you use Mbed TLS as part of a Linux (or other) project that you would like to port to MinGW, you need a MinGW-compiled version of Mbed TLS.
Install MinGW
Install MinGW64 by downloading and running the installer mingw-w64-install.exe
from Sourceforge.
Choose latest mingw64 version, for x86_64 architecture and win32 threads:
This tutorial uses the install location: c:\mingw-64
. (The default install location of Mingw64 is different and dependent on the parameters chosen in the installer. With the described parameters, it would be C:\Program Files\mingw-w64\x86_64-8.1.0-win32-seh-rt_v6-rev0
.)
Before using the MinGW environment, you must set the path to the mingw-64\mingw64\bin
directory.
For Windows 10, you can set this permanently through:
Control Panel > User Accounts > Change my environment variables.
Add C:\mingw-w64\mingw64\bin
to the path variable. You need administrator privileges to do this.
To set the path for each session you can start a command prompt and type:
set PATH=C:\mingw-64\mingw64\bin;%PATH%"
Keep the command window open.
Install Python and Perl(optional)
Mbed TLS comes with a set of 6000+ unit tests. The test programs are generated by a Python script, and executed by a Perl script. In order to build this part of Mbed TLS, you need Python and Perl environments. Install Python and a binary distributions like ActiveState Perl or Strawberry Perl. Alternatively, you could compile Perl and Python from source in MinGW.
If you choose not to install one of these environments, you will have access only to a smaller set of tests.
Download Mbed TLS
Download the latest version of Mbed TLS. You can use a tool like 7-zip to unzip the file. Unzip to a location like c:\mingw-64\projects
. This gives you the directory C:\mingw-64\projects\mbedtls-x.y.z
.
Build Mbed TLS
Now we are ready to build Mbed TLS. Go back to the command window where you set the mingw-64\mingw64\bin
path.
Change directory to the c:\mingw-64\projects\mbedtls-x.y.z
folder.
cd c:\mingw-64\projects\mbedtls-x.y.z
MinGW uses a slightly different make
command. Also, the Mbed TLS makefiles need to know you are building for Windows, so it can adjust the linker flags:
set WINDOWS=1
mingw32-make CC=gcc
Alternatively, you can type mingw32-make CC=gcc WINDOWS=1
, but you will need to re-type WINDOWS=1
with every single invocation of mingw32-make
, while the above version works for an entire shell session.
You can optionally check that Mbed TLS works correctly by entering:
mingw32-make CC=gcc check
Note: in order to run the tests, you will need to install cygwin and set it in the path, since the tests rely on cygwin1.dll
:
set PATH=C:\cygwin64\bin;%PATH%
If you chose not to install Perl or Python, then you can skip building the full suite of unit tests by using the following build command:
mingw32-make CC=gcc no_test
You can then run a much more minimal set of unit tests with:
programs\test\selftest
Use Mbed TLS
You can now use some of the utility programs that come with Mbed TLS, like:
programs\ssl\ssl_client2 server_name=www.google.nl server_port=443
programs\test\selftest
You should see some HTML output for the first program, and something like this for the selftest program:
If your client application fails, it is probably because you need to set the CA certificate file or path of www.google.nl
, as ca_file
or ca_path
parameter.
If you installed Perl and built the tests, you can run any of the executables in the tests
directory to run the individual test suites.
Enter:
test_suite_aes.cbc
To link Mbed TLS to your own programs, you can add the paths to the mbedtls\include and mbedtls\library
directories to your project.