I also don't see how the advice to include your own version is any better than shipping two versions.
Apple could provide newer libssl dylibs and programmers should link against specific versions. You could argue the only mistake in this instance is the existence of the generic libssl.dylib symlink which will need to point to 0.9.8 in perpetuity.
Exactly why Apple have given up on OpenSSL is anyone's guess (since Apple aren't saying -- hence Rentzsch's post). You could insert a conspiracy theory but my guess is that they can't be bothered curating and patching another OpenSSL library version since they themselves only ever use libcrypto.
Apple could -- and do -- security patch libssl.0.9.8.dylib. So while you will never go from 0.9.8 to 1.0.1 automatically, you could go from 0.9.8r to 0.9.8s automatically.
• Hashing: MD5, SHA1, SHA2
• HMAC (hash based message authentication) http://en.wikipedia.org/wiki/Hash-based_message_authenticati...
• PBKDF2 (password to key) http://en.wikipedia.org/wiki/PBKDF2
• Symmetric Encryption: AES, DES, 3DES, CAST, RC4, RC2, and Blowfish. (The algorithm selection is poorly documented in the man pages; I'm reading source here.)
It has an API that would not surprise anyone who has used a similar library.
It is open source, APSL 2.0. You can read it here: http://www.opensource.apple.com/source/CommonCrypto/
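The primitives listed above (PBKDF2, HMAC, AES) chained together the way a practitioner would actually use them, as an added example in Objective-C that is not part of the original thread or of Apple's CommonCrypto sources. It assumes OS X 10.7 / iOS 5 or later (CCKeyDerivationPBKDF and arc4random_buf first appear there), and the password, plaintext, iteration count and the 64-byte key split are constructed for the demo. It derives an encryption key and a separate MAC key from a password, encrypts with AES-256-CBC, then authenticates IV and ciphertext with HMAC-SHA256 (encrypt-then-MAC) and checks the tag in constant time before decrypting.

```objective-c
// Added example, not from the original thread or from CommonCrypto's sources.
// Build on OS X with:  clang -framework Foundation cc_demo.m -o cc_demo
// CommonCrypto lives in libSystem, so no extra -l or -framework flag is needed.
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>

// PBKDF2-HMAC-SHA256 with `rounds` iterations; returns nil on failure.
static NSData *deriveKey(NSString *password, NSData *salt, unsigned rounds, size_t keyLen) {
    NSMutableData *key = [NSMutableData dataWithLength:keyLen];
    const char *pw = [password UTF8String];
    int rc = CCKeyDerivationPBKDF(kCCPBKDF2, pw, strlen(pw),
                                  salt.bytes, salt.length,
                                  kCCPRFHmacAlgSHA256, rounds,
                                  key.mutableBytes, keyLen);
    return rc == kCCSuccess ? key : nil;
}

// HMAC-SHA256 over `data` under `key`.
static NSData *hmacSHA256(NSData *key, NSData *data) {
    unsigned char mac[CC_SHA256_DIGEST_LENGTH];
    CCHmac(kCCHmacAlgSHA256, key.bytes, key.length, data.bytes, data.length, mac);
    return [NSData dataWithBytes:mac length:sizeof(mac)];
}

// One-shot AES-CBC with PKCS#7 padding; op is kCCEncrypt or kCCDecrypt.
// kCCAlgorithmAES128 names the 128-bit block size; the key length selects AES-256.
static NSData *aesCBC(CCOperation op, NSData *key, NSData *iv, NSData *input) {
    size_t outLen = input.length + kCCBlockSizeAES128;   // room for padding
    NSMutableData *out = [NSMutableData dataWithLength:outLen];
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(op, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 key.bytes, key.length, iv.bytes,
                                 input.bytes, input.length,
                                 out.mutableBytes, outLen, &moved);
    if (st != kCCSuccess) return nil;
    out.length = moved;
    return out;
}

// Constant-time tag comparison: an early-exit isEqual: would leak how many
// leading bytes of a forged tag were correct.
static BOOL tagsEqual(NSData *a, NSData *b) {
    if (a.length != b.length) return NO;
    const unsigned char *pa = a.bytes, *pb = b.bytes;
    unsigned char diff = 0;
    for (NSUInteger i = 0; i < a.length; i++) diff |= pa[i] ^ pb[i];
    return diff == 0;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample inputs for the demo (assumptions, not from the page).
        NSString *password = @"correct horse battery staple";
        NSData *plaintext = [@"attack at dawn" dataUsingEncoding:NSUTF8StringEncoding];

        // Fresh random salt and IV from the system CSPRNG.
        NSMutableData *salt = [NSMutableData dataWithLength:16];
        NSMutableData *iv   = [NSMutableData dataWithLength:kCCBlockSizeAES128];
        arc4random_buf(salt.mutableBytes, salt.length);
        arc4random_buf(iv.mutableBytes, iv.length);

        // Derive 64 bytes and split them: first 32 for AES-256, last 32 for HMAC,
        // so the same key is never used for both encryption and authentication.
        NSData *material = deriveKey(password, salt, 100000, 2 * kCCKeySizeAES256);
        if (!material) return 1;
        NSData *encKey = [material subdataWithRange:NSMakeRange(0, kCCKeySizeAES256)];
        NSData *macKey = [material subdataWithRange:NSMakeRange(kCCKeySizeAES256, kCCKeySizeAES256)];

        NSData *ct = aesCBC(kCCEncrypt, encKey, iv, plaintext);
        if (!ct) return 1;
        // The MAC covers IV || ciphertext so a tampered IV is detected too.
        NSMutableData *ivAndCt = [NSMutableData dataWithData:iv];
        [ivAndCt appendData:ct];
        NSData *tag = hmacSHA256(macKey, ivAndCt);

        // Receiver side: verify the tag first, only then decrypt.
        BOOL ok = tagsEqual(hmacSHA256(macKey, ivAndCt), tag);
        NSData *pt = ok ? aesCBC(kCCDecrypt, encKey, iv, ct) : nil;
        NSLog(@"tag ok: %d, roundtrip ok: %d", ok, [pt isEqual:plaintext]);
    }
    return 0;
}
```

Everything here comes from libSystem, which is the point made upstream about why Apple only needs libcrypto-style primitives: hashing, HMAC, PBKDF2 and block ciphers are covered without linking any versioned libssl.dylib at all. What CommonCrypto does not give you is TLS, so code that needs SSL/TLS rather than raw primitives still has to pick an OpenSSL branch (or Secure Transport) and link it explicitly.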
Seriously, considering that 0.9.8 was released in 2005. During the last 7 years are you telling me openssl is the only "unixy" library to have a new backwards incompatible version come out? And by the way, they are still providing updates to 0.9.8. It's still the default version in debian stable.
What parts of the API in particular are that bad?
iOS major version bumps frequently though...
Besides, Apple's major OS releases are executed like a major version number bump regardless of how others outside the company do things. These bumps include deprecation markers and warnings for APIs with planned retirement. There's no technical reason to remove deprecated APIs (keeping them around forever) to support older apps.
Open source libraries like OpenSSL tend not to bother, because their model is that you recompile stuff whenever they make binary breaking changes. And there's nothing wrong with that, it's just not how Apple operates. But it's not something inherent in the concept of libraries.
It's important to note that you can in fact have both openssl library branches on your system and that isn't a problem. It's a mis-statement to refer to these things as breaking changes, as your 0.9.8 linked code is not going to break anytime soon.