[linux-elitists] Surveillance

Brandon Philips brandon at ifup.co
Wed Sep 11 09:42:21 PDT 2013


One of my friends has been hacking on a new SSL library in C for a
while now: https://github.com/pquerna/selene

It is a huge undertaking though.

One of the most impressive things about Go, to me, is that they did
clean implementations of all of the essential crypto in native Go
without using openssl at all.

On Wed, Sep 11, 2013 at 5:49 AM, Andy Bennett <andyjpb at ashurst.eu.org> wrote:
> Hi,
>
>>> In the case of the much-ballyhooed inadvertent sabotaging of the RNG in
>>> the Debian/Ubuntu OpenSSL package[1], I think many commentators don't
>>> sufficiently appreciate just how bad the spaghetti-code problem in
>>> upstream OpenSSL is.
>>
>> I once had to dig into the OpenSSL source to figure out a particular API
>> behaviour that was pooly documented.
>>
>> "Unpleasant" doesn't begin to describe the experience.
>
> Yes... I was fishing in there the other day trying to work out how it
> did buffering. In the end I just buffered in my application and let it
> make a packet (and corresponding SSL context) every time I called its API.
>
> :-(
>
>
>
>
>
> Regards,
> @ndy
>
> --
> andyjpb at ashurst.eu.org
> http://www.ashurst.eu.org/
> 0x7EBA75FF
>
> _______________________________________________
> Do not Cc: anyone else on mail sent to this list.  The list server is set for maximum one recipient.
> linux-elitists mailing list
> linux-elitists at zgp.org
> http://zgp.org/cgi-bin/mailman/listinfo/linux-elitists


More information about the linux-elitists mailing list