Re: [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



LOL. Amen to that. It has gotten a WHOLE lot better. I started with OpenSSL
somewhere around 2010 and the documentation was EXTREMELY sparse to say the
list. Lots of functions documented as "under construction."

Charles


-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of
Michael Wojcik
Sent: Monday, December 3, 2018 10:58 AM
To: openssl-users@xxxxxxxxxxx
Subject: Re:  [EXTERNAL] Re: Self-signed error when using
SSL_CTX_load_verify_locations CApath

> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf
> Of Charles Mills
> Sent: Monday, December 03, 2018 10:53
>
> I appreciate it. OpenSSL is of course a great product but it can be a
little
> mystifying to debug.

If I were ever to write a book about OpenSSL, "a great product but a little
mystifying" would be an appropriate epigraph. Maybe Ivan should use it for
the next edition of his OpenSSL Cookbook. (Recommended, by the way, or its
larger sibling Bulletproof TLS; find them at feistyduck.com.)

Not that it hasn't gotten better over the years: better encapsulation and
abstraction, a lot more convenience functionality, a lot more explanation
and samples on the OpenSSL wiki (which I think didn't even exist when I
first started using OpenSSL). I have great appreciation for the team's
efforts. But SSL/TLS is a great big ball of hair to begin with, and while I
have tremendous respect for Eric Young, Steven Hensen, and the rest of the
original contributors, the OpenSSL source is not exactly a monument to
readability. (Though even in the early versions there were some important
steps in that direction, like mostly consistent, safe naming conventions for
external identifiers, thank goodness.)

--
Michael Wojcik
Distinguished Engineer, Micro Focus

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux