Theodore Ts'o wrote:
Reading through the mail archives, the problem, as I understand it, is that OpenSSL is derived from a very old legacy codebase, with an interface which relies on publicly visible data structures which must be accessed either directly, or via accessor macros. In some cases, those macros could be changed to accessor functions, and it looks like the easy cases have been done --- but in other cases, the macros couldn't be replaced with accessor functions without causing an API change which would break applications. Is that a fair summary of the situation?

It is *so* difficult to critique something without seeming to criticize the work of others, so the following disclaimer applies. MUCH is owed to the developers and maintainers of OpenSSL -- Mark, Ralf, Stephen, Ben, Lutz, Nils, Richard, Bodo, Ulf, Andy, Geoff -- and a host of others. OpenSSL is ubiquitous, thanks in large part to them. 108 bows to each of you.

OpenSSL derives from Eric Young's work of many, many years ago. It has come to resemble a tarmac that is mostly patches. Yes, yours is a fair assessment.

My first impression ("On first looking into Chapman's Homer") was -- wow, it really *is* painful to write C++ in C. That was more than a decade ago.

If one were really serious, it calls for a rewrite -- one that replaces the dreadful BIO-stuff, develops a strictly modular separation of crypto libraries (which are used so many places other than for SSL/TLS), etc. and is written in C++.

Just my USD 0.02^H1^H05 - Michael

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                                [EMAIL PROTECTED]