> Why is it different if we do exactly that in libcrypto? Because *we* are not guessing. We are telling the application "we think it's a FOO" and then letting the application decide what to do.
Security libraries *should not guess.* -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev