[openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

Michael Wojcik Michael.Wojcik at microfocus.com
Mon Dec 3 18:57:58 UTC 2018

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Charles Mills
> Sent: Monday, December 03, 2018 10:53
> I appreciate it. OpenSSL is of course a great product but it can be a little
> mystifying to debug.

If I were ever to write a book about OpenSSL, "a great product but a little mystifying" would be an appropriate epigraph. Maybe Ivan should use it for the next edition of his OpenSSL Cookbook. (Recommended, by the way, or its larger sibling Bulletproof TLS; find them at feistyduck.com.)

Not that it hasn't gotten better over the years: better encapsulation and abstraction, a lot more convenience functionality, a lot more explanation and samples on the OpenSSL wiki (which I think didn't even exist when I first started using OpenSSL). I have great appreciation for the team's efforts. But SSL/TLS is a great big ball of hair to begin with, and while I have tremendous respect for Eric Young, Steven Hensen, and the rest of the original contributors, the OpenSSL source is not exactly a monument to readability. (Though even in the early versions there were some important steps in that direction, like mostly consistent, safe naming conventions for external identifiers, thank goodness.)

Michael Wojcik
Distinguished Engineer, Micro Focus

More information about the openssl-users mailing list