Robert Haas <robertmhaas@gmail.com> writes:
> FWICS, this kind of problem is endemic in OpenSSL, which
> also doesn't seem to believe in comprehensive documentation or code
> comments. It would be nice if we had an API to some other, less
> crappy encryption library; or maybe even some generic API that lets
> you easily wire it into any library you happen to wish to use.
Awhile back Red Hat was trying to get people to switch to NSS or GnuTLS,
which apparently are better designed.
> Not that I'm volunteering to write the patch... :-(
Me either ... and in fact the lack of interest among upstreams in
rewriting their TLS code is what made the aforesaid effort crash and
burn. But FWIW, there are better alternatives out there.
regards, tom lane