Post B2JsyhPy1W7OAnxvyS by pitrh@mastodon.social
(DIR) Post #B2IjYkbMTDWnlyt4V6 by 0xabad1dea@infosec.exchange
2026-01-15T06:37:34Z
1 likes, 0 repeats
RE: https://furry.engineer/@soatok/115896145424737173
As a professional source code reviewer, I gotta agree with “We cannot overstate the extent to which just reading the OpenSSL source code has become miserable.” The answer to “how does OpenSSL—” is always “I don’t know and I don’t have six months to find out.” This is not true of alternative libraries with the same functionality.
(DIR) Post #B2Jsyf5gfwhwxKSi5Q by pitrh@mastodon.social
2026-01-15T13:55:29Z
0 likes, 0 repeats
@0xabad1dea During the ten years or so before libressl was started, I have heard several OpenBSD developers say something along the lines of "I sat down to read the OpenSSL source but I could only go on for so long before my eyes started bleeding" but they *did* get around to forking libressl after a while
(DIR) Post #B2JsygcgyihdhyuaAa by whynothugo@fosstodon.org
2026-01-15T14:23:24Z
0 likes, 0 repeats
@pitrh @0xabad1dea I’ve never really understood why libressl didn’t pick up.
(DIR) Post #B2JsyhPy1W7OAnxvyS by pitrh@mastodon.social
2026-01-15T14:40:54Z
1 likes, 0 repeats
@whynothugo @0xabad1dea I think BobBeck's BSDCan 2014 "the first 30 days of libressl" https://www.youtube.com/watch?v=GnBbhXBDmwU&t=463s&pp=ygURYm9iIGJlY2sgbGlicmVzc2w%3D is still worth taking in
(DIR) Post #B2JsyiA3GAyuTjWjo0 by whynothugo@fosstodon.org
2026-01-15T20:04:25Z
1 likes, 0 repeats
@pitrh @0xabad1dea 11 years ago. It's clear that things have not changed either, a discussion from 3 years ago echoes the exact same sentiments: "the OpenSSL developers appear to want to focus on developing new features rather than cleaning up the mess of regressions they have created with OpenSSL 3." From https://gitlab.alpinelinux.org/alpine/tsc/-/issues/28