<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-forward-container">Back on 13 May 2016 I had
proposed by email to a couple of people including Rich Salz<br>
<div class="moz-cite-prefix">a third library level (on top of
crypto and ssl) with more high-level, application-oriented code.<br>
His response was:<br>
<blockquote type="cite">
<pre wrap="">That is a really interesting idea. Please bring this up on openssl-dev mailing list.</pre>
</blockquote>
<br>
Then I posted that by mistake unfortunately not in the right
forum but at:<br>
<a
href="https://groups.google.com/forum/#%21topic/mailing.openssl.dev/FOL2afc3cb8">https://groups.google.com/forum/#!topic/mailing.openssl.dev/FOL2afc3cb8</a><br>
I quote my post here for convenience:<br>
<blockquote type="cite">So far, the OpenSSL code has essentially
a three-level structure with a hierarchy of two libraries and
a command-line application at the top:
<br>
<br>
apps/openssl
<br>
libssl
<br>
libcrypto
<br>
<br>
In the apps/ directory there is various generally useful code
like handling crypto-related files and messages, general TLS
client/server and CA functionality, implementing parts of
protocols like S/MIME, CRL, and OCSP, and certainly more to
come. <br>
<br>
While this code serves as a model for using the libraries and
it can be used in a limited way by invoking the openssl
application binary, it cannot be re-used directly. Other
applications that need similar functionality need to
copy/re-implement and then maintain portions of that code.
<br>
<br>
On the other hand, the libraries contain some code that is
actually too high-level for them, for instance the minimal
HTTP client as part of the crypto library
(crypto/ocsp/ocsp_ht.c).
<br>
<br>
It would be very helpful to introduce a further level in the
hierarchy consisting of a more application-oriented library:
<br>
<br>
apps/openssl
<br>
libtlsapps <-- new (with tentative name here)
<br>
libssl
<br>
libcrypto
<br>
<br>
Then all more high-level and application support functionality
will go there. This would make much of the generally useful
code that so far resides in the apps/ folder directly
accessible to other
<br>
applications at the programming level, i.e., in the form of a
library/API, with all the re-usability advantages that this
brings. It would also relieve libcrypto from more
application-/high-level topics like HTTP.
<br>
<br>
This library would also form an ideal condensation point for
further high-level uses of TLS that may in the future get
integrated with OpenSSL, like CMP and EST implementations.
</blockquote>
<br>
I recently learned that <a moz-do-not-send="true"
href="https://www.libressl.org/">LibreSSL</a>
already/meanwhile has something in this direction:<br>
<ul>
<li><a href="https://man.openbsd.org/?query=tls_init"> libtls</a>:
a new TLS library, designed to make it easier to write
foolproof applications</li>
</ul>
I believe this would be of great benefit also for OpenSSL
itself.<br>
<br>
</div>
</div>
</body>
</html>