Wolfssl and openssl both?

Hello, I'm not really a developer, but I do build my openwrt from source on a regular basis. I think questions about building belong in this subforum.

One of my target is a "tiny" Atheros, so every byte counts. Example: I recently had to give up curl because of image space.

Over time, I have added and removed packages in menuconfig, and now I noticed my personal config has both openssl and wolfssl. One of the two could be unneeded. Are they interchangeable? How do I go about removing one of them without leaving orphaned packages?

You should look at the output of scripts/diffconfig.sh that shows the package and settings You currently have. Take that as new .config and edit it and delete the unknown package lines and leave only those that you have actively selected. Then run make defconfig . That will fetch all needed dependencies and you will again have a normal .config file.

You may also need to select the package options suitably that you select the openssl variant of a package. Some packages have mbedssl as s default. E.g. ustreamtls for Luci https.

I have been tweaking my own build to be openssl-only, so there is no mbedtls or wolfssl

2 Likes

Like @hnyman, I build with OpenSSL only.

It seems that the order of adding packages can impact later additions bringing in other TLS libraries, so I typically will add OpenSSL first, then things that use TLS. Adding OpenSSL after, for example, wolfssl has been brought in by curl or the like, won't remove wolfssl from the build.

1 Like

It seems that the order of adding packages can impact later additions bringing in other TLS libraries, so I typically will add OpenSSL first, then things that use TLS. Adding OpenSSL after, for example, wolfssl has been brought in by curl or the like, won't remove wolfssl from the build.

Interesting... so if one wanted to completely remove openssl from the build to use 100% wolfssl stuff:

make menuconfig
   ### from the menuconfig disable wpad-openssl and enable wpad-wolfssl
./scripts/diffconfig.sh > new
vim new
   ### edit new removing all lines containing OPENSSL and place all lines containing WOLFSSL on top
mv new .config
make defconfig

That seems to have the desired effect. Here is a diff (new config on left and old config on right).

1 Like

Wow, a useful reply 2 years later... I wasn't hoping for it. Thank you @darksky!
(and of course @jeff and @hnyman, who were rather timely) :slight_smile:

1 Like