Angus Robertson - Magenta Systems Ltd <angus@xxxxxxxxxxxx> wrote:
> Also, there is an assumption OpenSSL is only used by other C developers,
> by the use of public macros that are not usable in any other language.
> BoringSSL replaced macros with exports and OpenSSL should consider
> doing the same.

This.

> There needs to be more task oriented documentation, for instance
> collecting the APIs needed to create a CSR or certificate, using APIs
> rather than command line tools which is where much of the documentation
> currently resides. For instance there is no documentation about
> building a stack of extensions to add SANs to requests and certificates
> so a lot of research is needed to add SANs to a certificate.

My claim is that much of the "applications" should be removed from the core
system, and should be re-implemented in a cleaner way using the APIs.
I.e. into a separate git repo with its own release schedule.

They should serve as exemplars for using the APIs, which they often are
not. In particular, the way that many things are only doable via
"configuration file" is a serious problem.

Yes, the applications are used as part of the tests, but I'm not saying that
they shouldn't be pulled in as a github.

Could Perl wrapper be used for more? Could it be used exclusively?
(No calls out to "openssl ca" to generate a certificate...)

The tests do not serve as particularly good exemplars, because of the mix of C
and Perl, sometimes the Perl is just running some .c code that was
compiled... sometimes not.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | IoT architect      [
]     mcr@xxxxxxxxxxxx  http://www.sandelman.ca/        | ruby on rails      [