All geek questions in one place

Is the OpenSSL static library too large, any alternative or a way to reduce its size?

I used the pre-build static libs of OpenSSL 1.0, but it makes my binary too large (increase its size by about 800Kb in release mode).

I do not need most of the OpenSSL functions, such as BIO, I use my own sockets, so in the code I use only a couple of calls SSL_XXXXXXXXX (SSL_accept (3) or SSL_connect (3), SSL_read (3) and SSL_write (3))

My only requirement is SSLv2 / v3 support with winsock on windows and linux sockets for client and server sides (for C ++)

Is there a way to make OpenSSL a lot smaller (maybe compile it myself) or, in the worst case, any other good, but more transparent SSL library that meets my requirements? Lib must be linked statically.

thank you

+4
source share
3 answers

I think you want this page, specifically the section on code size:

https://en.wikipedia.org/w/index.php?title=Comparison_of_TLS_implementations&oldid=585386367#Code_size_and_dependencies

(December 2013)

update : alas, is no longer part of the updated page.

+4
source

You can try to compile it yourself using --ffunction-sections and --fdata-sections , in which gcc puts each function and global data variable in a separate section inside the object.

(When using static libraries, the linker copies the entire object that contains the desired function from the archive to the application.)

+3
source

OpenSSL has a large number of compile-time options for controlling which functions are built-in. I believe that SSL functions use BIO under it, so you will still need it, but there are many other functions that you can probably get around (for example, ciphers that you will not use, encryption of envelopes, support for S / MIME .. .).

I'm not sure how much this will reduce the size of the binary, but it's worth a try.

+1
source

Source: https://habr.com/ru/post/1345027/

More articles:


All Articles