This is a must-read.

https://cryptography.io/en/latest/statements/state-of-openssl/

#python #cryptography #crypto #openssl #opensource

@soatok I've neither been a fan of the python cryptography library nor OpenSSL, but this was an extremely refreshing read. I'm happy someone else has caught up on the substantial problems with OpenSSL. Thank you for sharing!

@soatok Holy crap on a cracker, I knew things at OpenSSL were bad, but *this* bad? 🤔

@soatok I am not a user of OpenSSL, being more down in the hardware, but these design choices are insane.

As if the developers are pleasuring themselves instead of trying to provide a finite implementation of a finite specification.

@soatok @kevin
"many OpenSSL source files are no longer simply C files, they now have a custom Perl preprocessor for their C code"

I... what?

@kurtmrufa @soatok The problems covered in OP is only the surface. I invite you to look at the spaghetti code hellscape that is the OpenSSL source code.

https://github.com/openssl/openssl/tree/master/crypto

@FritzAdalis @soatok @kevin As others have said this is not new, but the use of Perl for code generation seemingly has expanded.

@soatok Not 100% related, but are there sane alternatives for the openssl *command*? It's always a pain to look up subcommands and arguments, so I might as well just learn a new (set of) tool(s) for key and certificate manipulation.