
libevent: why does it depend on openssl?


About to compile libevent from sources, I just noticed that it seems to have a dependency on OpenSSL for encryption o_O.

This sounds like bloat.

  1. What does a library that provides OS-independent asynchronous IO abstractions need encryption for?
  2. How can it justify a dependence on OpenSSL which I assume is also large and complicated?

libevent-2.0.21-stable/README

The configure script also supports the following flags:

   --enable-gcc-warnings     Enable extra compiler checking with GCC.
   --disable-malloc-replacement
                             Don't let applications replace our memory
                             management functions
   --disable-openssl         Disable support for OpenSSL encryption.
   --disable-thread-support  Don't support multithreaded environments.

Solution

  • From whatsnew-2.0.txt:

    5.4. SSL support for bufferevents with OpenSSL
    
       There is now a bufferevent type that supports SSL/TLS using the
       OpenSSL library.  The code for this is built in a separate
       library, libevent_openssl, so that your programs don't need to
       link against OpenSSL unless they actually want SSL support.
    
       There are two ways to construct one of these bufferevents, both
       declared in <event2/bufferevent_ssl.h>.  If you want to wrap an
       SSL layer around an existing bufferevent, you would call the
       bufferevent_openssl_filter_new() function.  If you want to do SSL
       on a socket directly, call bufferevent_openssl_socket_new().
    

    It's for your convenience, if you need SSL sockets. If you do not need it, why not simply disable it using the option from the README snippet from your question?
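
One way to confirm on a built program the split this answer describes, as an added example (not from the original post or the libevent project): the script lists a binary's `DT_NEEDED` entries from `readelf -d` output and flags the ones that bring in OpenSSL. The two `readelf` outputs embedded in it are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: `readelf -d` output for a program that uses only libevent_core.
PLAIN_DYN='Dynamic section at offset 0x2d90 contains 26 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libevent_core-2.0.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x1000'

# Constructed sample: the same for a program that uses the SSL bufferevents.
TLS_DYN='Dynamic section at offset 0x2d60 contains 29 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libevent_core-2.0.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libevent_openssl-2.0.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so.1.0.0]
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.1.0.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x1000'

# Read `readelf -d` output on stdin, print the soname of every NEEDED entry.
needed_libs() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)].*/\1/p'
}

# Print only the NEEDED entries that pull in OpenSSL.
# Exit status is 0 when at least one was found, 1 otherwise.
openssl_deps() {
    needed_libs | grep -E '^lib(ssl|crypto|event_openssl)[-.]'
}

# Audit a real binary: audit_binary /path/to/program
audit_binary() {
    if readelf -d "$1" | openssl_deps; then
        echo "$1: links OpenSSL through the libraries listed above"
    else
        echo "$1: no OpenSSL dependency"
    fi
}

# Run against a binary when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_binary "$1"
fi
```

A program linked only against `libevent_core` (or the combined `libevent`) should report no OpenSSL dependency even when libevent itself was configured with OpenSSL support.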