Thanks for that Steve, that was the conclusion I had just come to. Now I
need to convince by bosses. I wonder if they'll pay me to write things from
scratch?

Steve

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: 23 July 2003 13:52
To: [EMAIL PROTECTED]
Subject: Re: Please help


On Wed, Jul 23, 2003, steve thornton wrote:

> Yes I've noticed this. Basically I am making an embedded client, and am
> looking for every way possible to reduce code size, and obj_dat is very
big.
> I've more or less concluded that it is not worth the trouble, but 24k is
> 24k.
> It surely should be possible to parse the essential info (Issuer, Subject
> and public key info etc.) from a cert. without having all the machinery
that
> is in OpenSSL, but achieving that within the context of OpenSSL at present
> would be a *lot* of work. Would you agree, have you any comments?
>

Well if its embedded then binary compatibility wont matter if you can just
recompile everything.

You can delete a large number of objects in objects.txt without any major
harm.

There are other areas you can also look into to reduce code size such as
crypto and digest algorithms, extension code, PKCS#12, PKCS#7, ENGINE etc
etc.

It would be *very* difficult to try to restrict OpenSSL to the sizes
claimed for some SSL libraries (40K I've heard quoted for one), so hard in
fact that starting again might be less effort.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to