Every software developer, please stop using OpenSSL. It was crap then, it is crap now and it will be crap tomorrow. And LibreSSL is not the solution. You can't turn crap into something nice. You want a decent SSL library, try mbed TLS. Unlike OpenSSL, this library has good documentation (example programs included), has a logical and sane API (no ugly callback shit) and its code is clean and secure.
I switched from OpenSSL to mbed TLS (named PolarSSL back then) in my open source project some time ago. I should have done it more early! The migration was easy and only cost me a few days. So, stop punishing yourself and give mbed TLS a try. You won't regret it!!
No, I'm in no way connected to mbed TLS. Just a happy mbed TLS user who doesn't understand why people keep on torturing themselves and their users.
In that case, you better try mbed TLS (former PolarSSL). Has been tested and audited more times than this untested new comer. And it has full support for everything that is needed. mbed TLS makes every new attempt to implement an SSL / TLS library obsolete immediately.
Agree. It's better to build something rock solid which supports only 80% of all use cases than to end up with something big and bloated that handles every thinkable use case. Yes, the ultimate thing is to have something rock solid that supports everything, but that's an utopia.
... which is really good news in terms of security auditing and testing.
Good, then start debugging. Because I got compile errors on both Linux and MacOS X.
I can advice every software developer to take a look at mbed TLS (former PolarSSL). It has everything a modern SSL-enabled application needs. It's API is easier that OpenSSL's, it has very good documentation (example programs included) and last but not least: it's secure!
No, I'm not the mbed TLS developer or in any way connected or related to mbed TLS. I'm just a very happy developer who replaced OpenSSL with mbed TLS in my project many years ago and never had any reason to look back. Even the users of my project are very happy with it. Good riddance!!
Seriously, man: OpenBSD? Really?
As you can see, pointless flaming can be done about anything. If you want to critcize PHP, come up with some proper and valid arguments. Otherwise, you're nothing more than a loudmouth fanboy. I have several PHP websites running for many years, without a single hack, without a any significant downtime (besides server maintaince) and with proper speed. PHP is just a tool, it's the developer that makes it a good or bad website.