undefined | Better HN

0 pointsnwmcsween9y ago0 comments

I don't really know what you mean about a hard-to-use api as openssl compat would just wrap the bearssl api and not make any difference to consumers of bearssl.

0 comments

fdr9y ago

The problem is that OpenSSL's API itself is quite complicated and probably not in an entirely necessary way. As but one concrete example, there's almost no particularly satisfying way to handle the "error queue" in a world with imperfect software. I also recently found how how insanely impractical it is in practice to perform one's own certificate validation (e.g. so I could interpret the CN field) if a TLS connection is abstracted even a tiny bit (e.g. in a database driver).

Little doubt that someone would find it useful, but it is An Undertaking, to preserve something which is not that desirable.

j / k navigate · click thread line to collapse

0 pointsnwmcsween9y ago0 comments

I don't really know what you mean about a hard-to-use api as openssl compat would just wrap the bearssl api and not make any difference to consumers of bearssl.

0 comments

fdr9y ago

Little doubt that someone would find it useful, but it is An Undertaking, to preserve something which is not that desirable.

j / k navigate · click thread line to collapse