About to compile libevent from sources, I just noticed that it seems to have a dependency on OpenSSL for encryption o_O.

This sounds like bloat.

  1. What does a library that provides OS-independent asynchronous IO abstractions need encryption for?
  2. How can it justify a dependence on OpenSSL which I assume is also large and complicated?

libevent-2.0.21-stable/README

The configure script also supports the following flags:

   --enable-gcc-warnings     Enable extra compiler checking with GCC.
   --disable-malloc-replacement
                             Don't let applications replace our memory
                             management functions
   --disable-openssl         Disable support for OpenSSL encryption.
   --disable-thread-support  Don't support multithreaded environments.
jrwren
Cetin Sert
  • I'm not going to read the libevent sources, that's your job, but here is a guess. Maybe it has a mechanism to send notifications through a socket, and thus a need to secure the socket. The question is too localized IMO, pertaining only to libevent. – President James K. Polk Feb 01 '13 at 12:23
  • You seem to be confusing openssl and openssh. Can you please update your question replacing openssh with openssl. – jrwren Feb 24 '13 at 21:59
  • @jrwren thanks for fixing the tag! – Cetin Sert Feb 24 '13 at 22:06

1 Answer

From whatsnew-2.0.txt:

5.4. SSL support for bufferevents with OpenSSL

   There is now a bufferevent type that supports SSL/TLS using the
   OpenSSL library.  The code for this is built in a separate
   library, libevent_openssl, so that your programs don't need to
   link against OpenSSL unless they actually want SSL support.

   There are two ways to construct one of these bufferevents, both
   declared in <event2/bufferevent_ssl.h>.  If you want to wrap an
   SSL layer around an existing bufferevent, you would call the
   bufferevent_openssl_filter_new() function.  If you want to do SSL
   on a socket directly, call bufferevent_openssl_socket_new().

It's for your convenience, if you need SSL sockets. If you do not need it, why not simply disable it using the option from the README snippet from your question?

Code Painters
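One way to check the split the answer describes, as an added example (not from the original post or the libevent project): list the OpenSSL-related `NEEDED` entries of a built binary, so a program that uses only the event loop can be confirmed free of OpenSSL. The two `readelf -d` samples are constructed, and the sonames in them assume a Linux build of libevent 2.0 against OpenSSL 1.0.0.

```shell
#!/bin/sh
# Added example: report OpenSSL-related DT_NEEDED entries of an ELF binary.
# Reads `readelf -d` output on stdin, prints matching sonames one per line.
openssl_needed() {
    sed -n 's/.*(NEEDED).*Shared library: \[\([^]]*\)].*/\1/p' |
        grep -E '^(libevent_openssl|libssl|libcrypto)[-.]' || true
}

# Succeeds (exit 0) only when stdin shows no OpenSSL-related dependency.
is_openssl_free() {
    [ -z "$(openssl_needed)" ]
}

# Constructed sample: program that uses only the core event loop.
sample_plain() {
    cat <<'EOF'
Dynamic section at offset 0x2df8 contains 26 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libevent_core-2.0.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x1000
EOF
}

# Constructed sample: program that calls bufferevent_openssl_socket_new().
sample_tls() {
    cat <<'EOF'
Dynamic section at offset 0x3d98 contains 29 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libevent_core-2.0.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libevent_openssl-2.0.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so.1.0.0]
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.1.0.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

# Real use: pass the path of a binary as the first argument.
if [ "$#" -gt 0 ]; then
    if readelf -d "$1" | is_openssl_free; then
        echo "$1: no OpenSSL dependency"
    else
        echo "$1: links OpenSSL-related libraries:"
        readelf -d "$1" | openssl_needed
    fi
fi
```

`readelf -d` shows direct dependencies only, which is why `libevent_openssl` is matched alongside `libssl` and `libcrypto`.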