kpcyrd / acme-redirect

Tiny http daemon that answers acme challenges and redirects everything else to https
GNU General Public License v3.0
Pure Rust implementation? #11

Open vn971 opened 4 years ago

vn971 commented 4 years ago

Hi. Is it possible to provide a pure Rust-based generation of certificates (that avoids openssl)? There seem to be libraries/apps that generate certificates using Rust already: https://crates.io/crates/certainly

Avoiding openssl makes sense for users who are worried about openssl vulnerabilities and [unnecessary] complexity.

Using the pure-rust implementation could then be hidden under a feature flag if openssl is desired to be used by default.

alerque commented 3 years ago

You think adding a whole crypto stack would reduce complexity?

I get that the openssl project was mismanaged and abused and got broken, but given the scrutiny since (and the fact that even most of the security-driven forks have been folded back into the original project) it's probably the most robust thing you could use right now.

If there was a really robust set of Rust crates that could take care of that end of things I'd be all for this, but the state of certainly and others is not there yet. Switching out openssl for fledgling alternatives that haven't had solid shakedowns would be a step backwards.