Theo de Raadt <[email protected]> wrote on 2014/10/05 21:36:14:
>
> > > A diff back #ifdef OPENSSL_NO_FOO or shuffling the existing ones around
> > > in order to get things to build will not get accepted. On the other
> > > hand, diffs carefully removing the remaining defines will be much better
> > > welcomed.
> >
> > Being able to exclude unwanted/weak crypto's would be nice though.
>
> I think the approach is misguided.
>
> Fix the applications that use bad crypto. Don't get mired up in removing
> it from crypto libraries with #ifdef's, which people won't tweak to disable
> it.
How then? Only way to make sure to not use them in the long run is to not build them. Dists. can then choose when/if to remove cryptos from their system. A nice --enable/--disable knob would be nice, but I don't see how to do that without any ifdefs.

I think this is similar to what you already did with libressl: you removed some bad code to force apps to do something better. Also, there is no way to reduce the size of this thing unless you remove the code.
