The OpenSSL API



Can anybody in this forum explain why the API exposed by OpenSSL
is so complicated? I am thinking from the point of view of an application
A that wishes to exchange data securely with some remote application B
using SSL. I would naively have thought that an API with four calls would be
enough: One for establishing the secure channel, another for sending
data, another for receiving data, and one for terminating the secure
channel.

In my view, the application developer only wants to use the security
afforded by the protocol, without having to know anything much (or at
all) about the protocol itself - after all, when doing sockets
programming, one does not have to know much about TCP/IP, right? However,
the OpenSSL API forces application developers to do many of the protocol
chores by hand, so to speak.

Since the designers of OpenSSL are clearly not stupid, I must
be missing something important here. What is it?




