On Fri, Aug 22, 2008 at 3:57 PM, Kenneth Goldman <[EMAIL PROTECTED]> wrote: > If that's the rationale, I eagerly await 1.0. The lack of a stable > API has hurt me far too many times. I encourage the developers > to freeze the existing API.
The core OpenSSL developers already stick to that particular goal for a long time. I've been using OpenSSL since at least 1999 (0.9.4 / 0.9.5) and the crypto and SSL API has been amazingly stable all those years. The only changes that I have met are in rather 'obscure' areas, such as when you want to custom process ASN.1 encoded data and particular custom certificate extensions. I don't recall the last time when I had to recompile my software which was using OpenSSL for the reason that OpenSSL changed an API function. However, I *do* remember twice in that same decade that (1 time) a commercial supplier was merged with another company and our crypto lib was 'phased out/replaced' on merger, so I had to convert the whole bloody lot to a new API. Luck had it I switched to the OpenSSL crypto code, because that was cheaper than buying the upgrade PLUS the extra work, but that did not help me with another bit of software (1 time), which was using (another) commercial, 'stable', crypto lib, which suffered from a bug 'nobody' suffered from but me (according to their extremely helpful helpdesk) and that little issue was resolved when the company went bust or burst its bubble some other way two years after. Good riddance. ?? ... Ah, yes. Both _their_ version numbers were way beyond v1.0 very stable indeed. > I think this was the original idea. For me, the more important reason > to use a shared library is the ability to upgrade the library when I > don't have access to the source/object code that uses the library. With crypto, I'd rather have access to the source code so I can have it reviewed when the project/customer requires such. Far better than buying for several grand into faith and a glossy sheet. Because OpenSSL doesn't come with a source code NDA so I can contract out crypto analysis/review without any legal hassles, which invariable take a lot of time to settle and are bad for your deadlines. I use my own MSVC project files to create OpenSSL Windows DLLs and it's worked flawlessly for several years. (OpenSSL also offers Windows makefiles to do the same, BTW) -- Met vriendelijke groeten / Best regards, Ger Hobbelt -------------------------------------------------- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
