Suggestions for deploying openSSL dlls

I made a simple application that uses Indy and requires OpenSSL dlls.

I am not going to write an installer for it, so I have 2 options:

1) deploy it by copying the application exe + libeay32.dll + ssleay32.dll in the same folder

2) put libeay32.dll and ssleay32.dll in the exe resources and extract them to the applicationpath on program start (but this can may be a problem in case I am running the exe on a windowsserver 2008 or windows vista and I used the Program Files f开发者_运维知识库older to "deploy")

Can you comment on those techinques or suggest a better approach?

You could stick with option 1) :D

Or, you could use a variation on number 2, but extract them to the application data path:

GetSpecialFolderPath(CSIDL_LOCAL_APPDATA))

and use

SetDLLDirectory(DirectoryPath:PWideChar) 

to specify where to load dll's from

Of course, to be perfectly honest, it's quicker just to write a simple installer!

Edit: Oh, and yes, as UnixShadow mentioned, hash the dll's so you can be sure that you're using the correct files!

Option 3: use Inno to install it! You may have a good reason for not wanting to use an installer, but in case your reason is you think it's too expensive (in time or money), you might check out Inno. I started using it earlier this year and was amazed at how easy it is to learn and use. And, it's free!

Of course the side benefit of learning Inno is that you'd have it available in the future for other projects...

Depending on the nature of the application, you could consider compiling it with Lazarus.

I know, I know, it is a far stretch, and I don't know sb who has actually done this with openssl, so it is probably too much work. Still I wanted to make a note of this theoretical solution.

This because FPC/Lazarus is mingw compatible, and can use the same (GNU linker), you could try to link mingw libs (.a's) statically.

Some people in the past have experimented with it, and I have heard people succeed in this with mysql, but unfortunately they didn't give details.

So I have no conclusive proof that it worked, which makes it a bit academical.

I would install them in the same folder (option 1), with the addition to actually MD5 the two dlls when starting my program. To try to verify that they haven't been modified. This does not help a lot when it comes to security cause a hacker might as well modify my MD5 sum I would compare against. But it would at least stop the program from using corrupt dlls. Ofcourse this would also block out the possibility to update the dlls without updating the main application (on good an bad).