Refresh the thinking of --prefix and --openssldir

--prefix is now exclusively used for software and manual installation.
--openssldir is not exclusively used as a default location for certs,
keys and the default openssl.cnf.

This change is made to bring clarity, to have the two less
intertwined, and to be more compatible with the usual ways of software
installation.

Please change your habits and scripts to use --prefix rather than
--openssldir for installation location now.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

CHANGES

@@ -4,6 +4,27 @@
 
  Changes between 1.0.2e and 1.1.0  [xx XXX xxxx]
 
+  *) To clarify their intended purposes, the Configure options
+     --prefix and --openssldir change their semantics, and become more
+     straightforward and less interdependent.
+
+     --prefix shall be used exclusively to give the location INSTALLTOP
+     where programs, scripts, libraries, include files and manuals are
+     going to be installed.  The default is now /usr/local.
+
+     --openssldir shall be used exclusively to give the default
+     location OPENSSLDIR where certificates, private keys, CRLs are
+     managed.  This is also where the default openssl.cnf gets
+     installed.
+     If the directory given with this option is a relative path, the
+     values of both the --prefix value and the --openssldir value will
+     be combined to become OPENSSLDIR.
+     The default for --openssldir is INSTALLTOP/ssl.
+
+     Anyone who uses --openssldir to specify where OpenSSL is to be
+     installed MUST change to use --prefix instead.
+     [Richard Levitte]
+
   *) The GOST engine was out of date and therefore it has been removed. An up
      to date GOST engine is now being maintained in an external repository.
      See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains

Configure

@@ -21,10 +21,15 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 # --config      add the given configuration file, which will be read after
 #               any "Configurations*" files that are found in the same
 #               directory as this script.
-# --openssldir  install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
+# --prefix      prefix for the OpenSSL installation, which includes the
-#               --prefix option is given; /usr/local/ssl otherwise)
+#               directories bin, lib, include, share/man, share/doc/openssl
-# --prefix      prefix for the OpenSSL include, lib and bin directories
+#               This becomes the value of INSTALLTOP in Makefile
-#               (Default: the OPENSSLDIR directory)
+#               (Default: /usr/local)
+# --openssldir  OpenSSL data area, such as openssl.cnf, certificates and keys.
+#               If it's a relative directory, it will be added on the directory
+#               given with --prefix.
+#               This becomes the value of OPENSSLDIR in Makefile and in C.
+#               (Default: PREFIX/ssl)
 #
 # --install_prefix  Additional prefix for package builders (empty by
 #               default).  This needn't be set in advance, you can
@@ -1056,8 +1061,6 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
 $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
 $exe_ext=".nlm" if ($target =~ /netware/);
 $exe_ext=".pm"  if ($target =~ /vos/);
-$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
-$prefix=$openssldir if $prefix eq "";
 
 $default_ranlib= &which("ranlib") or $default_ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
@@ -1066,11 +1069,10 @@ my $make = $ENV{'MAKE'} || "make";
 
 $cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
 
-chop $openssldir if $openssldir =~ /\/$/;
+$prefix = "/usr/local" if !$prefix;
-chop $prefix if $prefix =~ /.\/$/;
+$openssldir = "ssl" if !$openssldir;
-
+$openssldir = catdir($prefix, $openssldir)
-$openssldir=$prefix . "/ssl" if $openssldir eq "";
+    unless file_name_is_absolute($openssldir);
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
 
 
 print "IsMK1MF=$IsMK1MF\n";

Makefile.in

@@ -24,10 +24,11 @@ HERE=.
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
 INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
 
-# Do not edit this manually. Use Configure --openssldir=DIR to change this!
+# Do not edit these manually. Use Configure with --prefix or --openssldir
-OPENSSLDIR=/usr/local/ssl
+# to change this!  Short explanation in the top comment in Configure
+INSTALLTOP=/usr/local
+OPENSSLDIR=$(INSTALLTOP)/ssl
 
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4  - Define to build without the RC4 algorithm
@@ -153,12 +154,12 @@ TESTS = alltests
 
 MAKEFILE= Makefile
 
-MANDIR=$(OPENSSLDIR)/man
+MANDIR=$(INSTALLTOP)/share/man
 MAN1=1
 MAN3=3
 MANSUFFIX=
 HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
+HTMLDIR=$(INSTALLTOP)/share/doc/$(BASENAME)/html
 SHELL=/bin/sh
 
 TOP=    .

NEWS

@@ -29,6 +29,9 @@
       o Application software can be compiled with -DOPENSSL_API_COMPAT=version
         to ensure that features deprecated in that version are not exposed.
       o Support for RFC6698/RFC7671 DANE TLSA peer authentication
+      o Change of Configure to use --prefix as the main installation
+        directory location rather than --openssldir.  The latter becomes
+        the directory for certs, private key and openssl.cnf exclusively.
 
   Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
 

util/mk1mf.pl

@@ -9,7 +9,7 @@
 
 use Cwd;
 
-$INSTALLTOP="/usr/local/ssl";
+$INSTALLTOP="/usr/local";
 $OPENSSLDIR="/usr/local/ssl";
 $OPTIONS="";
 $ssl_version="";