How to work with OpenSSL for Rust within a Windows development environment

Question

I can't build my Rust project when I add an SSL dependency in my cargo file. This isn't new to Windows, but I'd like to resolve the issue such that I can use Powershell and native Windows development to work on my Rust project.

The dependency in question is the following:

[dependencies.ws]
version = "0.8.0"
features = ["ssl"]

When I run cargo build, I get a lot of errors regarding SSL as I'm on Windows so let us begin debugging this step by step.

First errors:

PS C:\Users\sam\vcs\project> cargo build
   Compiling openssl-sys v0.9.43
error: failed to run custom build command for `openssl-sys v0.9.43`
process didn't exit successfully: `C:\Users\sam\vcs\project\target\debug\build\openssl-sys-d964f46e4c48d206\build-script-main` (exit code: 101)
--- stdout
cargo:rustc-cfg=const_fn
cargo:rerun-if-env-changed=X86_64_PC_WINDOWS_MSVC_OPENSSL_LIB_DIR
X86_64_PC_WINDOWS_MSVC_OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=X86_64_PC_WINDOWS_MSVC_OPENSSL_INCLUDE_DIR
X86_64_PC_WINDOWS_MSVC_OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=X86_64_PC_WINDOWS_MSVC_OPENSSL_DIR
X86_64_PC_WINDOWS_MSVC_OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_DIR
OPENSSL_DIR unset
note: vcpkg did not find openssl as libcrypto and libssl: Aborted because VCPKGRS_DYNAMIC is not set
note: vcpkg did not find openssl as ssleay32 and libeay32: Aborted because VCPKGRS_DYNAMIC is not set

Alright, lets set OPENSSL_LIB_DIR, OPENSSL_INCLUDE_DIR, and OPENSSL_DIR

$env:OPENSSL_LIB_DIR="C:\OpenSSL-Win64\lib"
$env:OPENSSL_INCLUDE_DIR="C:\OpenSSL-Win64\include"
$env:OPENSSL_DIR="C:\OpenSSL-Win64"

However, now running cargo build or cargo run actually compiles, but I don't think SSL works correctly since the code path that connects to the websocket fails with error none.

I installed the latest (1.1.0j) full (non-slim) version of OpenSSL from the following website: https://slproweb.com/products/Win32OpenSSL.html

The only environment variable it had set was:

OPENSSL_CONF: C:\OpenSSL-Win64\bin\openssl.cfg

But I also added C:\OpenSSL-Win64\bin to my PATH.

When cargo build actually compiled, the websocket fails with error None

The on_error block is executed on my Windows box, but my Linux machine never executes this code block.

Just so we're on the same page, this is the output of the print statement:

fn on_error(&mut self, err: ws::Error) {
    println!("On Error, {}", err)
}

None isn't a very descriptive answer. So I assumed that I just needed some certs since OpenSSL doesn't come with certs. I downloaded a cacert.pem from somewhere online and placed it into the certs folder of the OpenSSL installation but that didn't make much difference either. Still the same None error.

On my Linux box, I would expect the websocket connection to succeed and for the code to proceed to on_open:

fn on_open(&mut self, _: ws::Handshake) -> ws::Result<()> {
...
}

---

Has anyone worked through this OpenSSL issue on their Windows development environment?

---

UPDATE 0

As per Cloud's advice, I tried to use VCPKG. Unfortunately it didn't work.

PS C:\Users\sam\vcs\vcpkg> .\vcpkg.exe list
openssl-windows:x64-windows-static                 1.0.2q-2         OpenSSL is an open source project that provides ...
openssl-windows:x86-windows                        1.0.2q-2         OpenSSL is an open source project that provides ...
openssl:x64-windows-static                         0                OpenSSL is an open source project that provides ...
openssl:x86-windows                                0                OpenSSL is an open source project that provides ...

Then I set the variables in my powershell window:

PS C:\Users\sam\vcs\project> $env:OPENSSL_DIR = 'C:\Users\sam\vcs\vcpkg\installed\x64-windows-static'
PS C:\Users\sam\vcs\project> $env:OPENSSL_STATIC = 'Yes'
PS C:\Users\sam\vcs\project> $env:VCPKGRS_DYNAMIC='1'

Then I ran cargo clean and then cargo build and I still got the same error where my websocket throws the error None.

Still no luck here.

Answer 1

None of the other answers worked for me but I got it working with vcpkg and static linking. Here is what I did (I was trying to install wrangler, it worked after following the steps below and running cargo install wrangler).

1. Install vcpkg (following the instructions from https://github.com/Microsoft/vcpkg#quick-start-windows). I ran this in a Visual Studio 2019 Developer Command Prompt (%comspec% /k "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Auxiliary\Build\vcvars64.bat") but I don't know if this is necessary.

   cd C:\
   git clone https://github.com/microsoft/vcpkg
   cd vcpkg
   vcpkg\bootstrap-vcpkg.bat
   

2. From the same command prompt, install openssl

   vcpkg\vcpkg install openssl:x64-windows-static
   

3. Install the CA certificates (as described by Fatih Karan's answer and the old README of the rust-openssl project)

   mkdir "C:\Program Files\OpenSSL-Win64\certs"
   curl --remote-name --time-cond "C:\Program Files\OpenSSL-Win64\certs\cacert.pem" -o "C:\Program Files\OpenSSL-Win64\certs\cacert.pem" https://curl.se/ca/cacert.pem
   

4. In a command prompt in your Rust project (or any other directory if you don't have a Rust project and just need to cargo install something), set the following environment variables:

   set OPENSSL_NO_VENDOR=1
   set RUSTFLAGS=-Ctarget-feature=+crt-static
   set SSL_CERT_FILE=C:\OpenSSL-Win64\certs\cacert.pem
   

   • OPENSSL_NO_VENDOR to 1: Instruct the openssl-sys crate to use a pre-compiled openssl library. If this is not set it will try to compile it and fail (because perl is typically not available on Windows).
   • RUSTFLAGS to -Ctarget-feature=+crt-static: Instruct the Rust compiler (or more precisely the linker invoked by the Rust compiler) to produce a statically linked binary. If this is missing, the vcpkg crate (which is used by the openssl-sys crate to find the pre-compiled openssl library) will use the vcpkg triplet x64-windows-static-md. It seems that this triplet does not exist for openssl. With this environment variable, vcpkg will use the triplet x64-windows-static and this worked for me.
   • SSL_CERT_FILE to the location of cacert.pem: You need the root certificates in this file to make secure connections to servers.

Answer 2

1. clone vcpkg
2. open directory where you've cloned vcpkg
3. run ./bootstrap-vcpkg.bat
4. run ./vcpkg.exe install openssl-windows:x64-windows
5. run ./vcpkg.exe install openssl:x64-windows-static
6. run ./vcpkg.exe integrate install
7. run set VCPKGRS_DYNAMIC=1 (or simply set it as your environment variable)