Re: [hackers] Updating SSL patch for ii.

From: Laslo Hunhold <>
Date: Sun, 29 Jan 2017 23:02:12 +0100

On Sun, 29 Jan 2017 22:47:01 +0100
Hiltjo Posthuma <> wrote:

Hey Hiltjo,

> Doesn't this miss some things like verify peer and the certificate
> information?
> An alternative could be to use the LibreSSL libtls wrapper library
> which handles these things.

I was thinking exactly the same thing to be honest when I read the
mail. It's just impossible to use the OpenSSL-API safely as a normal
human being. And if you do, the code probably becomes unreadable and
sounds like a magic spell. There's lots of "ritual" surrounding the
use of OpenSSL and derivatives and libtls is a breath of fresh air.

I was wondering though: Isn't libtls exclusive to OpenBSD/LibreSSL? I
mean, you probably could compile it on Linux, but I was surprised there
were no "packages" available as far as I checked. It might be a cool
project idea to "port" it to Linux in case it hasn't been already.

With best regards


Laslo Hunhold <>
Received on Sun Jan 29 2017 - 23:02:12 CET

This archive was generated by hypermail 2.3.0 : Sun Jan 29 2017 - 23:12:18 CET