OpenSSL source code is a disaster. It's spaghetti that doesn't do what you think it does with horrible documentation. People submit patches from people they don't even know and then you have it: An SSL library that is flawed but everyone is using it. An spying agency and hackers dream.
We don't need OpenSSL, we need another library built from scratch with very clean code and documentation.
Everyone who has more interest on why OpenSSL is a catastrophe should watch operation ORCHESTRA[0].
With ya up until this. The core crypto code works. The framework around it is aged, crufty, and could use a refactor/rewrite. But tossing the baby out is not useful here. Just wash the kid and put on some new clothes and he'll fit right in again.
LibreSSL is going in the right direction (specific questionable decisions notwithstanding). Hopefully someone will bring over some of that love to the main codebase.
Agreed. Even Theo sees the value in a popular but crappy crypto lib that works that just needs a good gutting. Starting from scratch would be costly reinventing a security wheel and likely incompatible with OpenSSL... IOW dead-on-arrival.
We don't need OpenSSL, we need another library built from scratch with very clean code and documentation.
Everyone who has more interest on why OpenSSL is a catastrophe should watch operation ORCHESTRA[0].
[0] https://www.youtube.com/watch?v=fwcl17Q0bpk