Topic: Minimal build for https client?

What would be the minimal configuration in order to successfully connect to and get a web page from a typical (amazon, google) secure web server? Does --enable-small strip out too much? Would what files to include when verifying vs. not verifying certificates change a lot?

One other question: --enable-small says "minimal build" and apparently yields about 40k... But another post said OpenWRT got it down to 15k for embedded ssl and it's apparently still usable. What's the philosophy of the minimal build - how does OpenWRT's idea of minimal differ from the configure option?

Thanks!

Re: Minimal build for https client?

Hi,

Minimizing wolfSSL build sizes depends on what protocols, ciphers, and cipher suites you are looking to use.  Using the --enable-small build option will give you a fully working wolfSSL client and server, but several features will be disabled.  Currently --enable-small disables the following features:

TLS, HMAC, AES, 3DES, SHA-256, Error Strings, HC-128, RABBIT, PSK, DSA, and DH

If you are only going to be using client functionality, the server parts can be disabled by defining NO_CYASSL_SERVER.  See the "Building wolfSSL" document (sections III and V) for a list of build options and defines.  For certificate verification, wolfSSL verifies all certificates internally by default unless it is turned off, but the files needed shouldn't change.

"What's the philosophy of the minimal build - how does OpenWRT's idea of minimal differ from the configure option?"

I'm not positive of the configuration used in the OpenWrt example, but the standard build size with client and server functionality on an embedded platform is usually <= 60k.

Regards,
Chris