Alternatives to OpenSSL

21 comments, last by wood_brian 13 years, 11 months ago
OpenSSL *is* fine.

Your question is really whether there are any higher level APIs for using it which mean you don't have to faff about dealing with the need_read level returns from the calls.

Which is a fair enough question, because, yes, that whole interface is fiddly and you can break your nails on it.

You could look at using Qt; it includes an SSL socket toolkit. Although that will mean a lot of baggage in terms of extra app stuff will come along.

You could look at boost::asio which includes an SSL support system and (IIRC) will happily let SSL and plain-text sockets all play nicely together. This has the advantage of being droppable-inable.


Mind you, if you've really thrown your toys out of the pram and foffed then you won't be reading this, so you'll have to find them by a harder route...


I've found another alternative. Happily it is a C++ lib; sadly, like crypto++, it seems to not be a complete alternative to OpenSSL.

Brian Wood

Your link is broken.
enum Bool { True, False, FileNotFound };

It is my experience that you can either use OpenSSL, which is complete, tested, supported, and widely used, or you can use an alternative that is incomplete and probably has security holes wide enough to drive a truck through. You can always write the missing bits and do your own security audits and maintain patches. After all, even the Debian Linux distro did that.

But if you don't like the API and don't like having to do asynchronous programming, then OpenSSL is not for you. I know I hated using it, but my experience is all the alternatives are far far worse.

Stephen M. Webb
Professional Free Software Developer

Yeah I'm looking for an alternative to openssl as well. I can't even get the damn thing to compile. And I'm sure as hell not linking dynamically. Have you tried yaSSL?

Quote:Original post by hplus0603
Your link is broken.


I'll try again, but since it isn't my site, it could break again.

http://botan.randombit.net

I still haven't decided on anything encryption-wise so am glad to see this thread coming back to life. Was thinking of posting to another group, but hadn't gotten around to that. I tried a day or two of cryptlib but wasn't getting a warm fuzzy there. I would like to find the bzip2 of encryption -- carefully designed and reasonably well documented.

Brian Wood

Quote:Original post by wood_brian
I would like to find the bzip2 of encryption -- carefully designed and reasonably well documented.


The problem with this type of development is that people don't really get paid to do it anymore, which limits the choices somewhat.

So it typically relies on waiting until some Big Name funds the development and releases it as open source (aka OpenSSL). Or purchasing a proprietary implementation. Or hiring a third-party integration consultant. Free only gets so far.

When it comes to non-trivial work, those $200 bids for Facebook clone, incl. 300 mil users don't really deliver.

Yeah I don't really have the time to make it up from scratch. I thought yaSSL had great potential but its documentation is non-existent and I seem to be having a few problems with it. Hell, if I could find some static openssl (MinGW) libraries for download I may just go back to that.

Quote:Original post by wood_brian
I still haven't decided on anything encryption-wise so am glad to see this thread coming back to life. Was thinking of posting to another group, but hadn't gotten around to that. I tried a day or two of cryptlib but wasn't getting a warm fuzzy there. I would like to find the bzip2 of encryption -- carefully designed and reasonably well documented.


If you're looking for warm fuzzies, cryptography is not where you should be looking. "Real" crypto (the kind that is expected to secure truly private data) is not friendly. I've worked with OpenSSL extensively and I don't see anything about it that isn't "carefully designed." Look at the people who use it for god's sake. It is THE definitive crypto suite. As far as "reasonably well documented" goes, I've never had trouble with the documentation, but I'm a *nix systems dev of many years, so maybe I'm just anesthetized to low-level development.

Anyways I don't think what you want exists. You want an easy crypto lib that you can just "plug in" to your existing code without having to rethink your existing code flow. I don't see that happening.

Quote:Original post by Dragon88


If you're looking for warm fuzzies, cryptography is not where you should be looking. "Real" crypto (the kind that is expected to secure truly private data) is not friendly.


Agreed. I built an SSL wrapper based on some old outdated VB code and it was pretty horrendous. Unless you're planning on making it your life's work I'd just go with a pre-made library. Though if you do pull it off, more power to you.
