On Tue, Jul 15, 2008 at 11:44 PM, Richard Conlan <[EMAIL PROTECTED]> wrote: > Greetings! > > So, I have a handful of relatively esoteric questions. > > Say I have binaryX that will use both libcrypto and libssl. > > 1) Is it dangerous to statically link the one and dynamically link the > other? what if the versions mismatch?
The risk there is that 1) API enhancements may appear over time. It does not happen all that often, but there's one that I have seen: the ASN.1 interface (macros, etc.) has been greatly improved since 0.9.5. Using a libcrypto 0.9.5 definitely wouldn't work with a libssl 0.9.9. 2) using static builds has a benefit: you know exactly what your application is going to get SSL-wise: you will be sure it is installed on the target system because you brought it along. The drawback is that you have to provide your own update path to track security fixes -- that is compared to an OS/platform where others do the tracking and updating for you (e.g. active Linux distros with dynamic libraries). > 2) Does anybody know the version of OpenSSL included by default on the > various versions of OSX? Sorry, no. > 3) I've tried building a version of OpenSSL for ppc7400 + i386 according to: > http://developer.apple.com/opensource/buildingopensourceuniversal.html. Are > there additional steps I could be doing to optimize the build further, > especially that would shrink the additions to the final binaryX statically > linked against the Universal libcrypto.a? I scanned the page you referred to and indeed there's more you can do if you desire to reduce your disc footprint when statically linking. For this, you will need to make an inventory of which crypto algorithms and protocol sections of OpenSSL you are using; OpenSSL has several configurable flags (often labeled OPENSSL_NO_...) which will remove certain crypto algorithms, SSL protocol versions and other subsections (e.g. hardware crypto engines) at compile-time. HTH -- Met vriendelijke groeten / Best regards, Ger Hobbelt -------------------------------------------------- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
