A problem that I have with apps/req.c is that it is hardly a good reference for how to use the API calls.
I think, ideally, that all of openssl.cnf should be entirely an artifact of the apps, but there are (still, I think) things that can only by constructing some openssl.cnf configuration and sending that down. Many of those calls are not documented, but many wrappers (ruby's openssl for instance) continue to use. I posted a notion a few years ago that the apps/* should be split off into a new repo, should use only documented API calls, and should evolve separately from the core libssl. This is a documentation and d06f00d'ing exercise.
-- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
