> Defensive programming is about handling gracefully the cases when the > user/caller does something he “is not supposed to do”.
There is a limit. Should we return an error code that will most likely be ignored? Should the C library be defensive about fprintf, strcpy, etc., etc.? > Software that relies on its users doing only the right things…? Really? OpenSSL *is not* going to check for NULL parameters where you don't supply them. It never has (not universally) and it never will. If you want another language... .:) -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
