I have used pre-build static libs of OpenSSL 1.0, but it makes my binary too big, (increase its size by about 800Kb in release mode).
I do not need most of the feature of OpenSSL such as BIO, I use my own sockets, therefore in the code I am only using a couple of SSL_XXXXXXXXX calls(SSL_accept(3) or SSL_connect(3), SSL_read(3) and SSL_write(3))
My only requirement is support SSLv2/v3 with winsock on windows, and sockets on linux for both client and server side (for C++)
Is there anyway to make OpenSSL much smaller (maybe by compiling it myself) or, in last resort, any other good but more lightwight SSL library that meet my requirements? The lib must be linked staticly.
Thanks you
OpenSSL does have a large number of compile-time options to control what features are built. I believe that the SSL functions use
BIO
s underneath, so you'll still need those, but there's a lot of other functionality you can probably go without (like ciphers you won't use, envelope encryption, S/MIME support...).I'm not sure how much it will reduce the binary size by, but it's worth a try.
I think you want this page, particular the section on code size:
http://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations
You can try compiling it yourself with
--ffunction-sections
and--fdata-sections
, which tells gcc to put each function and global data variable in a separate section inside the object.(When using static libraries, the linker copies the entire object which contains the needed function from the archive to the application.)