Re: Questions on cURL and OpenSSL
Date: Tue, 24 Jun 2008 22:28:44 +0200 (CEST)
On Tue, 24 Jun 2008, Scoped Ptr wrote:
> As far as I know, OpenSSL doesnt has a stable set of APIs for SSL. They keep
> changing the APIs
What? The functions OpenSSL provides are mostly the same SSLeay provided 10
years ago. I don't know of any other functional SSL library that have provided
functions that long. I wouldn't call that "keep changing the APIs".
I'd say the main problem with OpenSSL from a user's stand-point is the lack of
docs, and that the APIs seem very ad-hoc constructed so there are often
inconsistences etc between functions that surprise you.
> and also the security updates are also released very frequently.
I'm not sure that's a sign of anything bad. OpenSSL is by far the most used
and thus the most tortured and abused SSL library.
> How does curl copes with it when it uses openssl for SSL ?
No problemos. curl built with SSLeay and probably still could with a little
effort. It builds fine with OpenSSL 0.9.6 and later.
Security-related fixes in third-party libs don't strict effect us, even if we
of course encourage (lib)curl users to always upgrade to versions that aren't
> How frequently does curl has to do changes to cope with OpenSSL changes?
Once or twice I think during roughly ten years.
We haven't supported the other libs anywhere near as long so I can't make any
real comparisons in that regard.
-- / daniel.haxx.seReceived on 2008-06-24