Hello Tomas Mraz,
it is somewhat unclear to me why do you consider the migration_guide(7)
useless in this regard. Citing it:
[...description...]
The openssl documentation may be logical for someone who knows all the
parts and how they work together, but for everybody else it's a large
glob of isolated files which you simply can't bring together. You have
pages which sometimes describe dozens of functions which seldom have
examples and at least for me they don't help.
My initial TLS implementation took me days (although I do nothing except
loading the parameters (key,cert,chain) and setup the stuff). Mostly I
only got that done looking at the openssl tools and how they do it. AFTER
you know how the code looks like the documentation helps but not to
getting to this state. Essentially for me the documentation thus always
was only a means to verify that the examples I used actually are correct
and not written by somebody who also doesn't understand it.
I already looked for more than 4 hours at openssl 3 documentation and
wasn't able to find the correct approach even after trying lot's of
variants of the functions which Viktor showed in his example code (which
BTW now took me about 20 minutes to understand, implement and test).
So yes. In my opinion the migration guide is useless. E.g. examples
wouldn't hurt like
When you did this before
...
then replace it with that now
...
That usually brings you to the right way even when not fully matching your
code.
Actually I very much would like a function like
SetupTLS(const char **files, const char *cipherspec, const char *parameters)
Which I call and pass the user supplied files and optional parameter
strings and openssl simply cares itself about the stuff and provides me a
ready to use context. But that's probably too much to wish for. ;-)
Freedom in Peace
--
https://www.dstoecker.eu/ (PGP key available)