> - US Export control issues. We only need DSA, SHA1, MD5, and randomness
> (and possibly RSA when the patent expires). Since BIND must be
> exportable, it would be nice to be able to strip out the code for unneeded
> algorithms before running config, so that we can distribute a subset in the
> BIND distribution.
As mentioned in INSTALL, this requires that you run "make depend".
The makedepend binary comes with Linux, for example. (In the current
development version, config checks for missing ciphers. In 0.9.3a you
still need to give the corresponding no-xxx options manually.)
> - Cipher disables. Many of the ciphers can be disabled by config
> options. Some of these don't work (no-hmac dies with an #error,
> no-ripemd has no effect).
Fixed. Thanks for pointing it out.
I have verified that you can now build libcrypto (except for the PRNG)
with no ciphers at all :-) and ssl/ and apps/ with just rsa, des, md5,
sha and hmac.
> - Other disables. Options such as no-asn1, no-pkcs7, no-pkcs12, no-x509
> would be useful, as these would significantly shrink the size of libcrypto.a
> as well as the source.
That is a very useful suggestion. I'll look into it in a week or so.
> Disabling SSL would be nice also, but isn't as
> important, since it's not linked into libcrypto.
You can just ignore the ssl directory completely. If you run make in
the crypto directory, SSL/TLS doesn't get compiled.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
