Wolfssl (or openssl) vs mbedtls

Folks

For a long while, I routinely removed the basic from wpad and used either the wolf or the openssl as it gives me full functionality and does not take up way too much space. I think I started doing this when I first did fast roaming for wifi.

Now, the OpenWrt has started to use mbedtls and I can easily drop basic to get to wpad-mbedtls and I suspect that this would be least complicated than removing dependencies as well.

Is there any pointer on why mbedtls has been preferred over the openssl (or wolfssl)? Also will fast roaming work between wpad-mbedtls and wpad-openssl?

Appreciate your help.

Anil

All your answers in this thread:

And yes, mbedTLS has a way smaller footprint than OpenSSL.

Thanks for the quick response. While small footprint is an advantage but not much for an average install. I will perhaps go back to openSSL for my install. Will this recipe work:

root@BR2-EX6150V2-C9AE:~# opkg whatdepends *tls*
Root set:
  wpad-basic-mbedtls
  libustream-mbedtls20201210
  libmbedtls12
What depends on root set
root@BR2-EX6150V2-C9AE:~# 


**The following is what I propose to do to get my wpad-openssl working:**

opkg remove wpad-basic-mbedtls libustream-mbedtls20201210 libmbedtls12

opkg install wpad-openssl

reboot;exit

> Blockquote

Do you think this will work? I am not an expert, hence asking.

Thanks.

The more important question to ask is: do you have the flash space at all on your EX6150 v2? And do realise removing packages does not free up any space. Installing packages, however, consumes space from your overlay. Better use the image generator to prep an image with OpenSSL included.

Is there a read-me on that or a thread.
Asking for a friend.

Your rootfs is read-only. All OpenWrt does is mark those packages and files you remove as such: as removed. But since it's read-only... You're never freeing up any space.

1 Like

I swear I asked this once before and called it ROM and was shot down with "how do you think packages are added?"

But I have a little better understanding now.

Thank you.

Boils down to the same doesn't it. Except OpenWrt handles 'removal' on the overlay, where it also installs stuff with opkg. Which is why both those operations claim space.

1 Like

Hi Borromini:

I do make an sysupgrade image for two reason:

  1. This is space efficient and I save this firmware for future use.
  2. I add script to give me a wifi enabled access point for configurations. All my laptops now do not come with Ethernet.

I use EX6150 as dumb fast roaming access point and have lot of vacant space on them after the sysupgrade. Pls see:

The files system is a union file system with upper and lower. And the default is kept in one and the changes are kept in the other. As a result, removing does not actually remove from the flash. Unless, we make a custom firmware image which eliminates the need to say replace dnsmasq with dnsmasq-full or wpad-basic-mbedtls with wpad-mbedtls. The guru on this forum may know even more. I just have a spreadsheet on which I keep the packages and script I add when I go from rev to rev upgrades.

1 Like

Thank you, that helped a lot.

I'm starting to get a 3d picture of it (even though it is not) but darn it would be nice if someone conceptualized it as a 3d drawing.

Visual is hard...

1 Like

It's sad that the WolfSSL creates such comparison just with OpenSSL without mbedTLS - https://www.wolfssl.com/comparing-wolfssl-vs-openssl/ ...