BUILDING AND INSTALLING

    Full instructions:
        See doc/html/building.html

    Quick instructions:
        ./bootstrap
        ./configure
        make
        make check
        sudo make install

For SunOS and AIX have a look at README.SunOS and README.AIX.

--------------------------------------------------------------------

It is possible to build many components with a relatively newer version of cmake.


For example on Windows,

mkdir build
cd build
cmake  -DHAVE_SSL=ON -G "Visual Studio 15 2017 Win64" -DCMAKE_INSTALL_PREFIX:PATH="install-path" -DOPENSSL_ROOT_DIR="path to openssl" ..
Then build in Visual Studio or on command prompt.

On Linux (with system openssl),

cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DHAVE_SSL=ON -DCMAKE_INSTALL_PREFIX:PATH="install-path" ..
make -j 4 install

If one has Ninja then (with system openssl),

cmake -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DHAVE_SSL=ON -DCMAKE_INSTALL_PREFIX:PATH="install-path" ..
ninja install

I was able to get the 64 bit version of QuickFIX library to compile on AIX 6100-09-05-1524 with IBM XL C/C++ for AIX, V12.1.
Unit tests do not compile so these were disabled.

Also, for building please refer to
https://www.ibm.com/support/knowledgecenter/SSGH3R_13.1.0/com.ibm.xlcpp131.aix.doc/proguide/threadsafe_streams.html
as this may have an impact on your application (like examples).

Example script:

#!/bin/sh

cflagx="-q64 -D_THREAD_SAFE -qthreaded"
cxxflagx="-q64 -D_THREAD_SAFE -qthreaded -D__IBMCPP_TR1__=1"
ldflagx="-q64 -D_THREAD_SAFE -qthreaded"

OBJECT_MODE=64
export OBJECT_MODE

./bootstrap

CC=xlc_r CXX=xlC_r CFLAGS=$cflagx CXXFLAGS=$cxxflagx LDFLAGS=$ldflagx configure --prefix="Your prefix"

make && make install

------------
INTRODUCTION
------------

This document describes the rudimentary SSL functionality available in QuickFIX. OpenSSL (https://www.openssl.org/) has been used to provide the SSL functionality. The QuickFIX library can be built with OpenSSL or it can be built without OpenSSL support and the classes (files) related to the SSL functionality used directly in the user project.

--------------------------------------
BUILDING QUICKFIX WITH OPENSSL SUPPORT
--------------------------------------

1. Unix

$ ./configure --with-openssl="path to openssl install"

"path to openssl install" dir should have include/openssl and lib directories with appropriate files. If no path is specified, then the default openssl installation is used.

$ make

2. Windows

The Visual Studio project will have to be configured to find the OpenSSL headers and libs.

#define HAVE_SSL 1

will be required in src/config_windows.h

--------------------------------------------------------------
USING SSL FILES WITHOUT BUILDING QUICKFIX WITH OPENSSL SUPPORT
--------------------------------------------------------------

The SSL functionality is contained in the files

SSLSocketAcceptor.h
SSLSocketAcceptor.cpp
SSLSocketInitiator.h
SSLSocketInitiator.cpp
SSLSocketConnection.h
SSLSocketConnection.cpp
ThreadedSSLSocketAcceptor.h
ThreadedSSLSocketAcceptor.cpp
ThreadedSSLSocketInitiator.h
ThreadedSSLSocketInitiator.cpp
ThreadedSSLSocketConnection.h
ThreadedSSLSocketConnection.cpp
UtilitySSL.h
UtilitySSL.cpp

These files can be directly incorporated in the a project. HAVE_SSL will have to be defined in addition to other OpenSSL related configuration.

--------------
SSL PARAMETERS
--------------

Parameters have to be defined in the DEFAULT section of the ini file.

SSL config for acceptor:

[DEFAULT]

#This directive points to the PEM-encoded Certificate file and
#optionally also to the corresponding RSA or DSA Private Key file for it
#(contained in the same file).

ServerCertificateFile=

#This directive points to the PEM-encoded Private Key file. If
#the Private Key is not combined with the Certificate in the
#server certificate file, use this additional directive to point to the file with
#the stand-alone Private Key.

ServerCertificateKeyFile=

#This directive sets the Certificate verification level. It applies to the authentication process used in the
#standard SSL handshake when a connection is established. 0 implies do not verify. 1 implies verify.

VerifyLevel=

#This directive sets the all-in-one file where you can assemble the
#Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose
#clients you deal with.

CertificateRevocationListFile=

#This directive sets the directory where you keep the Certificate Revocation
#Lists (CRL) of Certification Authorities (CAs) whose clients you deal with.

CertificateRevocationListDirectory=

SSL config for initiator:

[DEFAULT]

#This directive points to the PEM-encoded Certificate file and
#optionally also to the corresponding RSA or DSA Private Key file for it
#(contained in the same file).

ClientCertificateFile=

#This directive points to the PEM-encoded Private Key file. If
#the Private Key is not combined with the Certificate in the
#server certificate file, use this additional directive to point to the file with
#the stand-alone Private Key.

ClientCertificateKeyFile=

Common options:

# This directive can be used to control the SSL protocol flavors the application
# should use when establishing its environment.
#
# The available (case-insensitive) protocols are:
#
# SSLv2
#
#  This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the
#  original SSL protocol as designed by Netscape Corporation.
#
# SSLv3
#
#  This is the Secure Sockets Layer (SSL) protocol, version 3.0. It is the
#  successor to SSLv2 and the currently (as of February 1999) de-facto
#  standardized SSL protocol from Netscape Corporation. It's supported by
#  almost all popular browsers.
#
# TLSv1
#
#  This is the Transport Layer Security (TLS) protocol, version 1.0.
#
# TLSv1_1
#
#  This is the Transport Layer Security (TLS) protocol, version 1.1.
#
# TLSv1_2
#
#  This is the Transport Layer Security (TLS) protocol, version 1.2.
#
# all
#
#  This is a shortcut for `+SSLv2 +SSLv3 +TLSv1 +TLSv1_1 +TLSv1_2' and a convenient way for
#  enabling all protocols except one when used in combination with the minus
#  sign on a protocol as the example above shows.
#
# Example:
#
#  enable all but not SSLv2
#  SSLProtocol = all -SSLv2
#
# `all -SSLv2` is the default value when the parameter is not specified.

SSLProtocol=

# This complex directive uses a colon-separated cipher-spec string consisting
# of OpenSSL cipher specifications to configure the Cipher Suite the client is
# permitted to negotiate in the SSL handshake phase. Notice that this directive
# can be used both in per-server and per-directory context. In per-server
# context it applies to the standard SSL handshake when a connection is
# established. In per-directory context it forces a SSL renegotation with the
# reconfigured Cipher Suite after the HTTP request was read but before the HTTP
# response is sent.
#
# An SSL cipher specification in cipher-spec is composed of 4 major attributes
# plus a few extra minor ones:
#
# Key Exchange Algorithm:
#  RSA or Diffie-Hellman variants.
#
# Authentication Algorithm:
#  RSA, Diffie-Hellman, DSS or none.
#
# Cipher/Encryption Algorithm:
#  DES, Triple-DES, RC4, RC2, IDEA or none.
#
# MAC Digest Algorithm:
#  MD5, SHA or SHA1.
#
# For more details refer to mod_ssl documentation.
#
# Example: RC4+RSA:+HIGH:

SSLCipherSuite=

#This directive sets the all-in-one file where you can assemble the
#Certificates of Certification Authorities (CA) whose clients you deal with.

CertificationAuthoritiesFile=

#This directive sets the directory where you keep the Certificates of
#Certification Authorities (CAs) whose clients you deal with.

CertificationAuthoritiesDirectory=

-------------
EXAMPLE USAGE
-------------

Acceptor:

  try
  {
    FIX::SessionSettings settings( file );

    Application application;
    FIX::FileStoreFactory storeFactory( settings );
    FIX::ScreenLogFactory logFactory( settings );
    FIX::ThreadedSSLSocketAcceptor acceptor( application, storeFactory, settings, logFactory );

    acceptor.start();
    wait();
    acceptor.stop();
    return 0;
  }
  catch (const std::exception & e )
  {
    std::cout << e.what() << std::endl;
    return 1;
  }

Initiator:

  try
  {
    FIX::SessionSettings settings( file );

    Application application;
    FIX::FileStoreFactory storeFactory( settings );
    FIX::ScreenLogFactory logFactory( settings );
    FIX::ThreadedSSLSocketInitiator initiator( application, storeFactory, settings, logFactory );

    initiator.start();
    application.run();
    initiator.stop();

    return 0;
  }
  catch ( std::exception & e )
  {
    std::cout << e.what();
    return 1;
  }


If the server or client certficate key is password protected, than the password can be set by the method

  void setPassword(const std::string & pwd);

There are sample SSL certificates in the sub-directory bin/cfg/certs/.

----------
CONCLUSION
----------

Since this is the first implementation of OpenSSL support the users are requested to let the developer know about bugs/problems and missing implementation.

I was able to get the 64 bit version of QuickFIX library to compile on Solaris 10 (sparc) with workshop 12.3 compiler.
Unit tests do not compile so these were disabled.

Example script:

#!/bin/sh

./bootstrap

CC=cc CXX=CC CFLAGS=-m64 CXXFLAGS=-m64 LDFLAGS=-m64 configure --prefix="Your prefix"

make && make install