LOL. Amen to that. It has gotten a WHOLE lot better. I started with OpenSSL somewhere around 2010 and the documentation was EXTREMELY sparse to say the list. Lots of functions documented as "under construction." Charles -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Michael Wojcik Sent: Monday, December 3, 2018 10:58 AM To: openssl-users@xxxxxxxxxxx Subject: Re: [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath > From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf > Of Charles Mills > Sent: Monday, December 03, 2018 10:53 > > I appreciate it. OpenSSL is of course a great product but it can be a little > mystifying to debug. If I were ever to write a book about OpenSSL, "a great product but a little mystifying" would be an appropriate epigraph. Maybe Ivan should use it for the next edition of his OpenSSL Cookbook. (Recommended, by the way, or its larger sibling Bulletproof TLS; find them at feistyduck.com.) Not that it hasn't gotten better over the years: better encapsulation and abstraction, a lot more convenience functionality, a lot more explanation and samples on the OpenSSL wiki (which I think didn't even exist when I first started using OpenSSL). I have great appreciation for the team's efforts. But SSL/TLS is a great big ball of hair to begin with, and while I have tremendous respect for Eric Young, Steven Hensen, and the rest of the original contributors, the OpenSSL source is not exactly a monument to readability. (Though even in the early versions there were some important steps in that direction, like mostly consistent, safe naming conventions for external identifiers, thank goodness.) -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users