On Thu, Dec 11, 2014 at 6:51 AM, Stuart Henderson <[email protected]> wrote:
> On 2014/12/11 16:42, Dmitry Eremin-Solenikov wrote:
>> 2014-12-11 15:40 GMT+03:00 Stuart Henderson <[email protected]>:
>> > On 2014/12/11 16:08, Dmitry Eremin-Solenikov wrote:
>> >> Hello,
>> >>
>> >> For historic reasons there is a significant amount of duplicated
>> >> functionality. For example one can use openssl rsa/dsa/ec to
>> >> create/modify private/public keys or it's possible to just use a
>> >> generic openssl genpkey/pkey interface. I'd like to suggest to clean
>> >> up the first set of commands in favour of a generic implementation.
>> >>
>> >> What do you think?
>> >
>> > The "old" interfaces are still very widely used, both in text
>> > (books/guides/documentation) on handling keys, and directly used in
>> > programs (to pick a couple: ikectl, easyrsa)
>> >
>> > I dislike having two separate implementations in code that do basically
>> > the same thing so perhaps they could be consolidated somehow, but
>> > think the old command-line options would need to set things up to
>> > call common code and work as before; removing them will cause
>> > widespread difficulty.
>>
>> Should LibreSSL start the process of deprecating them? Add a warning,
>> start updating users and docs?
>
> Good luck!
>
> Google for "openssl genrsa" says "About 108,000 results", the same
> search on github "We've found 40,410 code results".

Maybe it would be better to direct energy toward a simpler, TLS-focused app
altogether to live alongside the openssl(1) app, in the vein of libtls?

There certainly would be demand for an app that:

1. makes all modern, common use cases easy and obvious how to use:
   (generate/sign/verify/dump certs, benchmark, netcat-style TLS client,
   server)
2. uses regular getopt-style arguments
3. makes something like setting up a local CA and generating a self-signed
   key as easy as reading the manpage
4. is a good example of library usage and coding style

I believe boringssl has something called 'bssl'. What about calling it 'tis'?

Maybe I should stop talking about it and get coding (though don't let me
stop you!)...
