Miod Vallat <[email protected]> wrote on 2014/10/05 17:28:50:
>
> > I am trying to build a smaller libressl(portable) and this is the
> > src code I had change.
> >
> > The auto based build system also needs tweeking, I simply removed
> > those lines for now but it would be nice with proper
--enable/--disable
> > knobs.
>
> We did not unentangle the happy maze of openssl defines and options in
> order to put it back later. There is no intent in supporting building
> with OPENSSL_NO_whatever.
Ok, good to know where you are heading then.
>
> A diff back #ifdef OPENSSL_NO_FOO or shuffling the existing ones around
> in order to get things to build will not get accepted. On the other
> hand, diffs carefully removing the remaining defines will be much better
> welcomed.
Being able to exclude unwanted/weak crypto's would be nice though.
>
> > I can currently build libressl with these defined, but I cannot
> > tell if any of them sholed be removed from a security perspective?
>
> If you're asking such a question, it looks to me that you have no idea
> what you are doing. What are you trying to achieve? A library so
> stripped down that it becomes useless?
Not completely lost but I am no crypto expert :) I am trying to build
libressl just for a www server which can talk with a modern www browser
and I don't have a lot of disk space.
Jocke
