As important as openssl is for many projects I find the engineering quality of it to be lackluster. My project is still on an older version and I wanted to upgrade. I tried to build approximately 7 versions for windows using msvs 2017 and msvs 2019. None even build but fail with compiler errors or linker errors!
On Linux if I go to system provided 1.2.x openssl version and try to build against that my code breaks with thousands of mysterious errors about undefined types (in openssl headers).
I mean Openssl solves a big problem but from engineering perspective the library is one giant problem. And I haven't even remarked on the horrible API design yet.
I've mixed opinions over the recent breakages I've witnessed in OpenSSL.
On one hand, I absolutely hate a library which breaks its API (I think lack of stability in interfaces is one of the bigger bane of the software industry and causes numerous issues down the line).
But in the specific case with OpenSSL, the breakages are legitimate imho. Most of the breakages I have seen are to clean-up interfaces and have a clear boundary between OpenSSL internals and items controlled by third party apps.
Concretely, they are switching from an API which exposed the internal structures directly to a getter/setter pattern.
Breaking APIs is always a balancing act, it's not something which must happen willy-nilly, but it's sometimes a necessary evil, and in the specific case of OpenSSL, if the project wants to go forward and improve in quality and stability, they are kind of forced to do it, it's just a bit regrettable that better design decisions had not be made from the start.
I'm not even talking about clear cut API breakage. I'm talking about that if I do #include <openssl.h> and build against the 1.2.x system installed OpenSSL I will get thousands of errors from headers internal to OpenSSL.
On Linux if I go to system provided 1.2.x openssl version and try to build against that my code breaks with thousands of mysterious errors about undefined types (in openssl headers).
I mean Openssl solves a big problem but from engineering perspective the library is one giant problem. And I haven't even remarked on the horrible API design yet.