On 10/22/14 21:27, Chris Cappuccio wrote:
Gregory Edigarov [ediga...@qarea.com] wrote:
Hi,
Since we are already go with re-engineering of openssl becoming libressl,
why not provide some clean and intuitive interface instead of that crap
openssl(1) is? For example ressl(1) would be the new "high level" interface
with very few selected frequently used functions, and openssl(1) with low
level interface as it is now
Umm..What do you imagine this new ressl utility will do?
There are a lot of examples of how to do very specific things with the openssl
command line utility on the web today. Why is another utility, one with less
features, why is it necessary?
Yes, there are a lot of such examples, and these examples are only
necessary and exist because openssl(1) interface is a crap. I do not
believe OpenBSD is about such a crap. Instead, I think OpenBSD is about
providing a clean and good engineered interfaces, to mostly eliminate
the need for "a lot of examples of how to do very specific things with
the openssl command line utility " (C).
something like:
ressl generate privkey
ressl generate csr
ressl sign
etc.
--