Hi,

I am working on trying to build the libraries (libcrypto and libssl) to
run on an embedded system with limited storage. To give you an idea, i have
approximately 1.5 megabytes of diskspace in the system. I need to reduce the
footprint of the libraries as much as possible.                      

We dont plan to use OCSP in our system. This is the reason we want to turn
it off and save space. Although the gain (in this specific case) is small
regarding to footprint the idea of having a configurable library is in my
opinion good. 

apps/openssl is used by some of the test scripts in the test directory. I
need to be able to run the tests to verify that I have a working library.
This is why patches for the apps/ are provided to.

BTW, if you have any suggestions, it may be config options, stuff in the
TODO lists or anything that may help reduce the footprint of the library 
please let me know.

Thank you,
Enrique


On Tue, Nov 26, 2002 at 10:39:33AM +0100, Richard Levitte via RT wrote:
> 
> I can understand wanting to disable the use of sockets.  I can't 
> understand why OCSP or speed should be disabled, however.  Please 
> explain.
> 
> [[EMAIL PROTECTED] - Sat Nov 23 19:46:14 2002]:
> 
> > Hi,
> > 
> > This patch makes it possible to build apps/openssl without the 
> speed
> > and ocsp programs and without sockets.
> > 
> > to disable apps/speed.c (openssl speed) just Configure with 
> no-speed.
> > 
> > Thank you,
> > Enrique
> > 
> > diff --exclude=Makefile.ssl -rbu /tmp/openssl-SNAP-
> >    20021120/apps/ocsp.c ./apps/ocsp.c
> > --- /tmp/openssl-SNAP-20021120/apps/ocsp.c      2002-11-13
> >    17:00:24.000000000 +0100
> > +++ ./apps/ocsp.c       2002-11-22 04:00:56.000000000 +0100
> > @@ -55,6 +55,7 @@
> >   * Hudson ([EMAIL PROTECTED]).
> >   *
> >   */
> > +#ifndef OPENSSL_NO_OCSP
> > 
> >  #include <stdio.h>
> >  #include <string.h>
> > @@ -722,7 +723,12 @@
> >                 }
> >         else if (host)
> >                 {
> > +#ifndef OPENSSL_NO_SOCK
> >                 cbio = BIO_new_connect(host);
> > +#else
> > +                       BIO_printf(bio_err, "Error creating connect
> >    BIO - sockets not supported.\n");
> > +                       goto end;
> > +#endif
> >                 if (!cbio)
> >                         {
> >                         BIO_printf(bio_err, "Error creating connect
> >    BIO\n");
> > @@ -1139,7 +1145,11 @@
> >         bufbio = BIO_new(BIO_f_buffer());
> >         if (!bufbio)
> >                 goto err;
> > +#ifndef OPENSSL_NO_SOCK
> >         acbio = BIO_new_accept(port);
> > +#else
> > +  BIO_printf(bio_err, "Error setting up accept BIO - sockets not
> >    supported.\n");
> > +#endif
> >         if (!acbio)
> >                 goto err;
> >         BIO_set_accept_bios(acbio, bufbio);
> > @@ -1226,3 +1236,4 @@
> >         return 1;
> >         }
> > 
> > +#endif
> > diff --exclude=Makefile.ssl -rbu /tmp/openssl-SNAP-
> >    20021120/apps/progs.h ./apps/progs.h
> > --- /tmp/openssl-SNAP-20021120/apps/progs.h     2002-08-26
> >    14:00:21.000000000 +0200
> > +++ ./apps/progs.h      2002-11-22 04:01:11.000000000 +0100
> > @@ -100,7 +100,9 @@
> >  #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) &&
> >    defined(OPENSSL_NO_SSL3))
> >         {FUNC_TYPE_GENERAL,"s_client",s_client_main},
> >  #endif
> > +#ifndef OPENSSL_NO_SPEED
> >         {FUNC_TYPE_GENERAL,"speed",speed_main},
> > +#endif
> >  #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) &&
> >    defined(OPENSSL_NO_SSL3))
> >         {FUNC_TYPE_GENERAL,"s_time",s_time_main},
> >  #endif
> > @@ -120,7 +122,9 @@
> >         {FUNC_TYPE_GENERAL,"smime",smime_main},
> >         {FUNC_TYPE_GENERAL,"rand",rand_main},
> >         {FUNC_TYPE_GENERAL,"engine",engine_main},
> > +#ifndef OPENSSL_NO_OCSP
> >         {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
> > +#endif
> >  #ifndef OPENSSL_NO_MD2
> >         {FUNC_TYPE_MD,"md2",dgst_main},
> >  #endif
> > diff --exclude=Makefile.ssl -rbu /tmp/openssl-SNAP-
> >    20021120/apps/speed.c ./apps/speed.c
> > --- /tmp/openssl-SNAP-20021120/apps/speed.c     2002-11-19
> >    01:00:57.000000000 +0100
> > +++ ./apps/speed.c      2002-11-21 23:33:02.000000000 +0100
> > @@ -71,6 +71,8 @@
> > 
> >  /* most of this code has been pilfered from my libdes speed.c 
> program
> >    */
> > 
> > +#ifndef OPENSSL_NO_SPEED
> > +
> >  #undef SECONDS
> >  #define SECONDS                3
> >  #define RSA_SECONDS    10
> > @@ -2569,3 +2571,4 @@
> >         return 1;
> >         }
> >  #endif
> > +#endif
> > diff --exclude=Makefile.ssl -rbu /tmp/openssl-SNAP-
> >    20021120/crypto/x509v3/ext_dat.h ./crypto/x509v3/ext_dat.h
> > --- /tmp/openssl-SNAP-20021120/crypto/x509v3/ext_dat.h  2002-06-13
> >    15:00:47.000000000 +0200
> > +++ ./crypto/x509v3/ext_dat.h   2002-11-22 09:33:10.000000000 +0100
> > @@ -90,17 +90,23 @@
> >  &v3_crld,
> >  &v3_ext_ku,
> >  &v3_crl_reason,
> > +#ifndef OPENSSL_NO_OCSP
> >  &v3_crl_invdate,
> > +#endif
> >  &v3_sxnet,
> >  &v3_info,
> > +#ifndef OPENSSL_NO_OCSP
> >  &v3_ocsp_nonce,
> >  &v3_ocsp_crlid,
> >  &v3_ocsp_accresp,
> >  &v3_ocsp_nocheck,
> >  &v3_ocsp_acutoff,
> >  &v3_ocsp_serviceloc,
> > +#endif
> >  &v3_sinfo,
> > +#ifndef OPENSSL_NO_OCSP
> >  &v3_crl_hold
> > +#endif
> >  };
> > 
> >  /* Number of standard extensions */
> > diff --exclude=Makefile.ssl -rbu /tmp/openssl-SNAP-
> >    20021120/crypto/x509v3/v3_ocsp.c ./crypto/x509v3/v3_ocsp.c
> > --- /tmp/openssl-SNAP-20021120/crypto/x509v3/v3_ocsp.c  2001-02-23
> >    05:01:03.000000000 +0100
> > +++ ./crypto/x509v3/v3_ocsp.c   2002-11-22 09:33:03.000000000 +0100
> > @@ -56,6 +56,8 @@
> >   *
> >   */
> > 
> > +#ifndef OPENSSL_NO_OCSP
> > +
> >  #include <stdio.h>
> >  #include "cryptlib.h"
> >  #include <openssl/conf.h>
> > @@ -270,3 +272,4 @@
> >  err:
> >         return 0;
> >         }
> > +#endif
> > diff --exclude=Makefile.ssl -rbu /tmp/openssl-SNAP-
> >    20021120/ssl/bio_ssl.c ./ssl/bio_ssl.c
> > --- /tmp/openssl-SNAP-20021120/ssl/bio_ssl.c    2002-01-12
> >    17:00:41.000000000 +0100
> > +++ ./ssl/bio_ssl.c     2002-11-21 23:06:11.000000000 +0100
> > @@ -526,6 +526,7 @@
> > 
> >  BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
> >         {
> > +#ifndef OPENSSL_NO_SOCK
> >         BIO *ret=NULL,*con=NULL,*ssl=NULL;
> > 
> >         if ((con=BIO_new(BIO_s_connect())) == NULL)
> > @@ -538,6 +539,7 @@
> >  err:
> >         if (con != NULL) BIO_free(con);
> >         if (ret != NULL) BIO_free(ret);
> > +#endif
> >         return(NULL);
> >         }
> > 
> > 
> 
> 
> -- 
> Richard Levitte

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to