LibreSSL and OpenSSL and *SSL
hans at stare.cz
Wed Feb 28 18:06:34 UTC 2018
> On Feb 16 20:15:04, notifications at github.com wrote:
> > OpenSSL was once undersupported because they didn't have funds
> > to have full time staff doing development and maintenance.
> > That ended a long time ago after Heartbleed.
> > The project is now fully funded and has excellent people working on it.
> Now we get to the real thing: LibreSSL is better.
> For those who actually care: please do watch the original
> talks and slides about why LibreSSL even exists:
> Yes, that's almost four years ago. So how much of the
> attrocities mentioned in the above have been fixed?
> Does it still use its own OPENSSL_malloc() that never frees?
> Does it still use its own OPENSSL_strfoo() that is almost,
> but not quite, indetical to the usual, well defined strfoo(3)?
> Has the depth of the #ifdef/#ifndef maze dropped from 17?
> Are the security vulnerabilities still rotting in the bug DB for years?
> Is it still impossible to enter the codebase from outside
> without untangling it for weeks?
> The LibreSSL developers state explicitly that heartbleed
> was not why they started their fork. It was things like these.
More information about the macports-dev