I recall a lot of renewed energy a year ago into improving OpenSSL, including funding and support. Has that panned out as I would have hoped? LibreSSL improvements are highly visible (and exciting) but I expect I would have overlooked any OpenSSL improvements.
There has been a whole bunch of changes and cleanups in OpenSSL, it's just stuff like that doesn't seem to pick up as much traction here (they don't really have the blogging / communicating thing down so well, I guess?)
This is the current roadmap. https://www.openssl.org/policies/roadmap.html
Picking out a few highlights:
* "Objective met (2015): The FIPS code has been removed from the master branch, and will be re-integrated more cleanly during a future validation. "
* "Objective met (2015): All use of dynamic memory allocation has been cleaned up and made consistent, and the internal memory pool has been removed. "
Under Coding Style:
* "Objective met (2015): All release branches were reformatted using a script included in the release." (so all code now adheres to a consistent style at least, which is a good starting point)
And amongst their targeted goals now:
* Legacy platforms that are unlikely to have wide deployment will be removed from the code.
.. but ..
* Non-supported platforms requiring regular maintenance activities will eventually be removed from the code after first seeking community owners to support the platforms in platform specific repositories.
Not convinced that's necessarily the right route, but I can appreciate where they're coming from.
