Compiling with external PolarSSL, source repository ?

Thomas Petazzoni
22 March 2012, 23:44

I am currently investigating Hiawatha+PolarSSL on an ARM platform as a replacement for Lighttpd+OpenSSL, the most interesting feature of Hiawatha+PolarSSL in my case being the much smaller storage footprint. So far, I've been able to build it and run easily which is nice.

I however have two questions :

- Would it be possible to build Hiawatha against an external PolarSSL rather than using the one bundled with the Hiawatha source code? In other words, are there special modifications to PolarSSL (in the polarssl/ directory of the source tree) to make it work with Hiawatha, or is it just a matter of build system? If the latter, would a patch to the CMakeLists.txt file be accepted to implement this possibility as an option?

- I couldn't find the source code repository (Git, Subversion, Mercurial or something else) for Hiawatha. Is one available? It would be really good to allow others to contribute, and access to a source code repository is a good sign of a project's vitality, which is an important decision criteria for using Hiawatha in my context of an industrial embedded Linux system.

Thanks for this project,

Hugo Leisink
24 March 2012, 21:44
The PolarSSL library that comes with Hiawatha is an unchanged copy of the PolarSSL website. I've only removed some test applications. The reason for shipping PolarSSL with Hiawatha is to make it easy for the user to compile Hiawatha.

There is no source code repository. The reason for this is that I don'y really trust other programmers. I know that there are a lot of good programmers out there, but the amount of bad programmers is far greater. And since this is a security-focussed, I can't have people adding crappy code to this project.
David Oliver
25 March 2012, 14:33
The source code repository is actually one thing I wanted to bring up with you, Hugo. I think having a publicly-viewable repo in very clear view on your home page would be a good thing, and reassure people that you're utilising peoples' contributions/bug reports/etc. I think it would drastically change many potential users' perceptions of the likely longevity, and, as Thomas said, its vitality.

You would still remain in complete control of your online repo, of course, as you wouldn't give others write permissions. If this was at Github, they would submit pull requests which show you what their changes are, and you'd then discuss/accept/reject. Here's an example of a pull request []. (Sorry if you knew all that already. )
This topic has been closed.