On 10/16/2012 7:25 AM, Charles Mills wrote:
> I have a Windows-only OpenSSL application developed in VS 2010. I have now
> been tasked with creating parallel "regular" and "exportable" (from the US)
> distributions of the application.
>
> I UNDERSTAND YOU CAN'T GIVE LEGAL ADVICE. I'M ONLY LOOKING FOR TECHNICAL
> INPUT HERE.
>
> The application statically links to libeay32XX.lib and ssleay32XX.lib. The
> application starts out by calling "applink()." The distribution includes
> libeay32.dll and ssleay32.dll.

If you are linking to OpenSSL DLLs, then your application isn't
statically linked against OpenSSL. .lib files can simply be references
to exports in .dll files.

> Am I correct in the following premises?
>
> - All of the actual encryption algorithms are in libeay32.dll? (And
> ssleay32.dll?) As I describe my architecture above, my distributed main
> executable does not contain actual encryption algorithms; they're only in
> the DLL(s)?
>
> - It should be possible to create and distribute a "weak encryption only"
> build of libeay32.dll?

Anyone could simply install different binaries and delete yours.

> Personal confession/personal advice time: I have 44 years of experience as a
> programmer, 40 of it as a successful commercial product developer, but no
> knowledge of "make" beyond a grasp of the purpose and concept. (Most of
> those 44 years are on a platform with no tradition of make; the remainder
> are exclusively with the MS VS IDE and its predecessors. Make fun of me if
> you wish.) Question: assuming I am correct that I need to build my own
> version of libeay32.dll, do you think it's a shorter path to learn make, or
> to try to do it with MS VS 2010? I am guessing the former. Is there
> somewhere a "ready to roll" MS VS project that builds the DLLs?

No, there isn't. Well, okay, there is some ancient VS workspace but no
one uses it. It is better to follow the README.WIN32 instructions.

> Is there a configure (is that the right term?) option for "weak encryption
> only"? I see the no-<specific cipher> flag but is there a no-strong-ciphers
> sort of option? I know that SSL_CTX_set_cipher_list() supports the LOW and
> EXP keywords so OpenSSL must "know" what are the so-called export ciphers.

A better approach is to dynamically link against OpenSSL and then call
that function with the export cipher list in your export build. That
way, you can easily replace just the OpenSSL DLLs as new versions come
out AND it keeps people from replacing your DLLs with other DLLs and
causing unintended side effects. It seems cleaner to me anyway.

> Would appreciate any additional miscellaneous tips.
>
> Charles

--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org