This page explains how to compile the Mbed TLS cryptography library in the MinGW environment and the Windows command prompt.
MinGW, Minimalist GNU for Windows, allows you to compile most Posix (Linux, Unix, and so on) programs to run on Microsoft Windows.
You can compile Mbed TLS in the native Windows compiler. However, if you use Mbed TLS as part of a Linux (or other) project that you would like to port to MinGW, you need a MinGW-compiled version of Mbed TLS.
Install MinGW64 by downloading and running the installer
mingw-w64-install.exe from Sourceforge.
Choose latest mingw64 version, for x86_64 architecture and win32 threads:
This tutorial uses the install location:
c:\mingw-64. (The default install location of Mingw64 is different and dependent on the parameters chosen in the installer. With the described parameters, it would be
Before using the MinGW environment, you must set the path to the
For Windows 10, you can set this permanently through: * Control Panel > User Accounts > Change my environment variables.
C:\mingw-w64\mingw64\bin to the path variable. You need administrator privileges to do this.
To set the path for each session you can start a command prompt and type:
Keep the command window open.
Install Python and Perl(optional)
Mbed TLS comes with a set of 6000+ unit tests. The test programs are generated by a Python script, and executed by a Perl script. In order to build this part of Mbed TLS, you need Python and Perl environments. Install Python and a binary distributions like ActiveState Perl or Strawberry Perl. Alternatively, you could compile Perl and Python from source in MinGW.
If you choose not to install one of these environments, you will have access only to a smaller set of tests.
Download Mbed TLS
Download the latest version of Mbed TLS. You can use a tool like 7-zip to unzip the file. Unzip to a location like
c:\mingw-64\projects. This gives you the directory
Build Mbed TLS
Now we are ready to build Mbed TLS. Go back to the command window where you set the
Change directory to the
MinGW uses a slightly different
make command. Also, the Mbed TLS makefiles need to know you are building for Windows, so it can adjust the linker flags:
Alternatively, you can type
mingw32-make CC=gcc WINDOWS=1, but you will need to re-type
WINDOWS=1 with every single invocation of
mingw32-make, while the above version works for an entire shell session.
You can optionally check that Mbed TLS works correctly by entering:
mingw32-make CC=gcc check
Note: in order to run the tests, you will need to install cygwin and set it in the path, since the tests rely on
If you chose not to install Perl or Python, then you can skip building the full suite of unit tests by using the following build command:
mingw32-make CC=gcc no_test
You can then run a much more minimal set of unit tests with:
Use Mbed TLS
You can now use some of the utility programs that come with Mbed TLS, like:
programs\ssl\ssl_client2 server_name=www.google.nl server_port=443 programs\test\selftest
You should see some HTML output for the first program, and something like this for the selftest program:
If your client application fails, it is probably because you need to set the CA certificate file or path of
If you installed Perl and built the tests, you can run any of the executables in the
tests directory to run the individual test suites.
To link Mbed TLS to your own programs, you can add the paths to the
mbedtls\include and mbedtls\library directories to your project.