
> Users matter: try doing some usability testing. Try adding some help text and man pages, instead of hijacking the wiki webpage of a different SSL project. And stop forking OpenSSL; you’re just making things worse.

1. Apple is not usability testing this 3-year-old version of a fork of openssl, because they're not supporting it at all.

2. Help text not available because it's an Apple-supplied fork. openssl does tell you to use 'help'.

3. Man pages do exist. Just not installed by Apple like the author expected.

4. and stop forking OpenSSL; BSD project forked it and Apple wants BSD over anything else because they can put the software in their closed platforms. Even if libressl were on the up and up, Apple's still got a version from 2016 installed.

Those are all Apple problems, not openssl problems.



1. The OpenSSL API hasn't changed, and if Apple changed it on their own that would break more things

2. The issue the author complained about was `openssl --help` not working, and it doesn't work on any platform (because he got the command wrong). `openssl help` does work on OSX (I literally just tested it).

3. Yeah, that's the one issue we agree is an Apple issue.

4. Apple didn't make LibreSSL. Other systems besides Apple use LibreSSL, and the author's complaints about their lack of documentation are relevant regardless of what Apple does.


> 4. Apple didn't make LibreSSL. Other systems besides Apple use LibreSSL, and the author's complaints about their lack of documentation are relevant regardless of what Apple does.

No, this is specifically Apple's fuck up. The documentation is right there on OpenBSD! It pretty much always was. I have a live system running OpenBSD older than this rant, and the man pages are there. The default modulus is 2048 too.


> I have a live system running OpenBSD older than this rant, and the man pages are there. The default modulus is 2048 too.

That's pretty hilarious if Apple changed the default from 2048 to 512!


> 4. Apple didn't make LibreSSL. Other systems besides Apple use LibreSSL, and the author's complaints about their lack of documentation are relevant regardless of what Apple does.

Other systems probably upgrade their copy of BSD userland more than once a decade... especially if they are the richest company on Earth.

There are probably 100 other user rants to accompany this for all the other massively out of date bits of BSD on MacOS.


> `openssl help` does work on OSX (I literally just tested it).

For anyone else interested, I just tested it as well. It appears that it prints a listing of all the commands offered by openssl (split into sections "Standard commands", "Message Digest commands", and "Cipher commands"), with no other descriptions or usage instructions. I tried `openssl help bf` to get more information, and it prints the options available to that command and their descriptions. I did not see any way to actually figure out what a command does, but it is possible I missed it.


Happily, it will likely be removed in the next macOS, at which point anything still dependent on it will break utterly until either updated to use SecureTransport or to bundle OpenSSL.

I predict a popular tool favored by the HN community will break, leading to a highly-upvoted front page post that instructs everyone on how to reinstall the shim wrapper using an unsigned tarball from an unsafe non-Apple source and zero patches to that tool from us to make it use the modern macOS-provided library instead.


5. Follow the code commits of the LibreSSL fork and if you continue to use OpenSSL and not LibreSSL at least you will know the various issues you are going to have.


> Apple is not usability testing this 3-year-old version of a fork of openssl, because they're not supporting it at all.

Apple would actually very much like you to not use their OpenSSL: it is deprecated and you are not supposed to rely on it in your own applications.


On #3, I bet the man pages do exist, just not for openssl itself, but for each of the modules like genrsa, rsa, s_client, x509, etc.


On a generic OpenBSD machine:

  OPENSSL(1)                  General Commands Manual                 OPENSSL(1)

  NAME
     openssl - OpenSSL command line tool

  SYNOPSIS
     openssl command [command_opts] [command_args]

     openssl list-standard-commands | list-message-digest-commands |
             list-cipher-commands | list-cipher-algorithms |
             list-message-digest-algorithms | list-public-key-algorithms

     openssl no-command

  DESCRIPTION
     OpenSSL is a cryptography toolkit implementing the Transport Layer
     Security (TLS v1) network protocol, as well as related cryptography
     standards.
[...]



