10 comments

[ 16.3 ms ] story [ 50.6 ms ] thread
There are enough alternatives already. It's true. We could all just move on.
What about putting in effort into writing extensive test suites and fuzzing of OpenSSL? This would allow a gradual refactoring effort to clean up the nastiest bits.
That might help against factual bugs, but not against a horrible API, the misleading docs and harmful defaults.
> What about putting in effort into writing extensive test suites

Easier said than done. Writing test-suites for a codebase which never had a test-suite is a million times harder than writing a test-suite for new, fresh code.

In fact it's probably easier to start over than re-factoring the code to be testable in the first place, but some people might argue that would be a wee bit drastic. So not saying it can't be done, just that it does take a very significant effort.

If anyone should still feel like doing something like this, I can very much recommend the following book for advice and morale boost:

http://www.amazon.com/gp/product/0131177052/ref=as_li_ss_tl?...

(Discalimer: Affiliate link)

It "must die", OR how about we stop adding features to the protocol that don't belong in it, and then implementing them poorly? Note that people who were running a "too old" version of OpenSSL were not affected by Heartbleed.
Someone has to pay for something to be what he says. Maybe the almighty Google or Facebook or Apple someone should fork over some bucks to support a correctly constructed alternative. Open source may be "free" but building something complex and correct is not free to build. Given that openssl had about 2K donated per year it's really a hobby project. It's not like Linus works on Linux while flipping hamburgers for a living.
Apple has SecureTransport[1] and it is open source[2], it had the goto fail bug from earlier this year. Shoving money at the problem isn't necessarily the answer. The problem is the TLS spec is a confusing, arcane spec riddled with tons of gratuitous addons and extensions. Implementing all or even most of it without error/bus is simply a very hard problem

[1]: https://developer.apple.com/library/mac/documentation/securi...

[2]: http://opensource.apple.com/source/libsecurity_ssl/libsecuri...

It's absolutely true, good programming costs money and somebody has to pay[1], but given the amount of money floating through TLS protected connections, that should be a solveable problem, once people realize it is there.

But I think the major problem with OpenSSL is that it never had anything resembling architectural leadership: Things just got bolted on to the side and hung from any convenient nail people could find.

PS: Yes, I wrote that piece.

[1] https://www.varnish-cache.org/docs/trunk/phk/dough.html

Sounds a bit fatalistic, now that the OpenBSD folks seem to have come to the rescue.