Jeffrey Altman wrote:
>
> > Frank O'Dwyer wrote:
> > >
> > > Hi,
> > >
> > > Is it still possible to build OpenSSL without RSA support? The configure
> > > script doesn't mention -DNO_RSA as an option, and when I went ahead and
> > > specified it anyway, the build was broken in a number of places. Are
> > > there any other flags I need to add?
> > >
> >
> > It is broken and IMHO for this stuff to work properly it should also not
> > compile anything in the crypto/rsa directory. The current build process
> > doesn't support this and things like the Win32 build need the DEF files
> > manually patched.
> >
> > I was looking into how to do this cleanly but it wont make it into
> > 0.9.2. I'll have another look after the 0.9.2 release.
>
> The quick fix solution is to place #ifndef NO_RSA around every file in
> crypto/rsa and then to add stub functions that only return an error
> value NOT_COMPILED when called.
>
> This would avoid the .DEF issues in Win32 and any need to change the
> build procedures.
I'm not sure I like this, because you have no strong assurance that
you've successfully eliminated RSA everywhere, and it also means that
programs that use OpenSSL can only be certified RSA-clean with runtime
testing.
I agree that #iffing the entire source file is the way to go, though.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
