Meaning of no-xxx option

Dmitry Belyavsky beldmit at gmail.com
Sun Oct 18 09:27:54 UTC 2020


Dear Kurt,

The situation in 1.1.1 was a bit fuzzier than you say.

E.g., openssl built with no-gost in fact permits loading an engine for use
in X.509/CMS, but GOST TLS support becomes unavailable.

On Sun, Oct 18, 2020 at 10:33 AM Kurt Roeckx <kurt at roeckx.be> wrote:

> Hi,
>
> It seems that we might start to interprete the no-xxx options
> differently. In 1.1.1 it would completly disable the feature in
> libcrypto, the apps and libssl. It seems that now the
> interpretation changed to just disable the support for it in the
> provider. You might load a different provider that does support
> it, and so the apps and libssl can use it then.
>
> My interpretation was always that we want to completly disable the
> feature, for instance because we don't want to use it at all or we
> want to reduce the size of the binries.
>
>
> Kurt
>
>

-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-project/attachments/20201018/f473c281/attachment.html>


More information about the openssl-project mailing list