hostapd - support for embedded very small ssl implementations

Stephan (Freifunk Dresden) stephan at freifunk-dresden.de
Sat Dec 16 05:25:52 PST 2017


Hi,

I hope that someone has read my last email and will support the idea of
replacing openssl with an intermediate layer that allows linking to different SSL implementations.
We need this possibility because openssl, at almost 1 MByte, is too big for 4 MByte flash devices.
Thanks a lot if you can provide such a layer on top of openssl. See my last email please.

Br
Stephan
Freifunk Dresden


On 13 December 2017 16:55:15 CET, Stephan <stephan at freifunk-dresden.de> wrote:
>
>Hey,
>
>
>Because ad-hoc wifi will slowly be replaced by mesh, openwrt/lede-project
>should be able to use hostapd with mesh BUT without hard-coded dependencies
>to openssl.
>
>The openssl implementation is extremely large for embedded systems running on
>4Mbyte flash devices. It is simply not possible to create your own router
>firmware with mesh support. Freifunk firmware (freifunk.net in Germany)
>depends on 4Mbyte flash routers.
>
>The openwrt/lede-project has implemented an intermediate layer (ustream)
>which a lot of ssl applications are linked against.
>
>The user may then choose from different ssl implementations:
>  - cyassl
>  - mbedtls
>  - openssl
>
>For each of those implementations there is its own
>  libustream-cyassl
>  libustream-mbedtls
>  libustream-openssl.
>
>This gives the freedom to switch ssl implementations without the need to
>change applications like https webserver, vpn, .....
>
>The openwrt/lede-project provides a package of hostapd with mesh support.
>But this implementation still relies on openssl.
>
>It would be great if hostapd implemented such a layer between itself and
>openssl, so other people may easily switch to a different ssl implementation.
>The ustream api may be suitable.
>
>With this solution, wolfssl could also be supported. A few months ago
>(I believe August) there was a patch for wolfssl provided on this mailing list.
>
>
>Another question: when I only want to use mesh as a replacement for adhoc
>and without any mesh routing defined by 802.11s, do I need ssl? If not, can I
>configure the hostapd build process to only have mesh functionality which is
>similar to adhoc?
>
>
>Bye
>  Stephan

Freifunk Dresden 


