Speaking of this, OpenSSL can currently be configured with quite a lot
of algorithms disabled. Disabling some of them unfortunately leads to
a ridiculous amount of errors and disables a lot more than expected.
Disabling algorithms like MD5 and HMAC completely trashes the
possibilities to use SSL or TLS1, for example. Also, the SHA
algorithms *can't* be disabled, which seems incomplete or something
like that.
I suggest we look over all these disabling possibilities and decide
which algorithms really need this. Is there really a risk having MD5
or HMAC always compiled in?
(I just did a test with all algorithms that had a #error in it's
include file disabled. The results are not pretty, trust me :-/)
Martin.Kraemer> When incoking "./config no-idea" and compiling, I get this:
Martin.Kraemer>
Martin.Kraemer> gcc -DMONOLITH -I.. -I../include -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H
-DOPENSSL_NO_KRB5 -DOPENSSL_NO_IDEA -DOPENSSL_NO_THREAD -DTERMIOS -DL_ENDIAN
-fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c version.c
Martin.Kraemer> In file included from version.c:121:
Martin.Kraemer> ../include/openssl/idea.h:63: #error IDEA is disabled.
Martin.Kraemer> *** Error code 1
Martin.Kraemer> Stop in .../openssl-0.9.7-dev/apps.
Martin.Kraemer> *** Error code 1
Martin.Kraemer> Stop in .../openssl-0.9.7-dev.
--
Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
