[openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

Charles Mills charlesm at mcn.org
Mon Dec 3 20:24:22 UTC 2018

LOL. Amen to that. It has gotten a WHOLE lot better. I started with OpenSSL
somewhere around 2010 and the documentation was EXTREMELY sparse to say the
list. Lots of functions documented as "under construction."


-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Michael Wojcik
Sent: Monday, December 3, 2018 10:58 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using
SSL_CTX_load_verify_locations CApath

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Charles Mills
> Sent: Monday, December 03, 2018 10:53
> I appreciate it. OpenSSL is of course a great product but it can be a
> mystifying to debug.

If I were ever to write a book about OpenSSL, "a great product but a little
mystifying" would be an appropriate epigraph. Maybe Ivan should use it for
the next edition of his OpenSSL Cookbook. (Recommended, by the way, or its
larger sibling Bulletproof TLS; find them at feistyduck.com.)

Not that it hasn't gotten better over the years: better encapsulation and
abstraction, a lot more convenience functionality, a lot more explanation
and samples on the OpenSSL wiki (which I think didn't even exist when I
first started using OpenSSL). I have great appreciation for the team's
efforts. But SSL/TLS is a great big ball of hair to begin with, and while I
have tremendous respect for Eric Young, Steven Hensen, and the rest of the
original contributors, the OpenSSL source is not exactly a monument to
readability. (Though even in the early versions there were some important
steps in that direction, like mostly consistent, safe naming conventions for
external identifiers, thank goodness.)

Michael Wojcik
Distinguished Engineer, Micro Focus

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list