On Wed, Jul 23, 2003, steve thornton wrote:

> Yes I've noticed this. Basically I am making an embedded client, and am
> looking for every way possible to reduce code size, and obj_dat is very big.
> I've more or less concluded that it is not worth the trouble, but 24k is
> 24k.
> It surely should be possible to parse the essential info (Issuer, Subject
> and public key info etc.) from a cert. without having all the machinery that
> is in OpenSSL, but achieving that within the context of OpenSSL at present
> would be a *lot* of work. Would you agree, have you any comments?
> 

Well if its embedded then binary compatibility wont matter if you can just
recompile everything.

You can delete a large number of objects in objects.txt without any major
harm. 

There are other areas you can also look into to reduce code size such as
crypto and digest algorithms, extension code, PKCS#12, PKCS#7, ENGINE etc etc.

It would be *very* difficult to try to restrict OpenSSL to the sizes
claimed for some SSL libraries (40K I've heard quoted for one), so hard in
fact that starting again might be less effort.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to