> An OpenSSL API emulation could then have been layered on top.
Not really. OpenSSL exposes "internal" data structures in its API, leaking e.g. x.509 datastructures through[0]. The only way to expose an OpenSSL API emulation is to be OpenSSL.
That's why the libressl project started libtls[1] (née ReSSL) as a clean-slate abstracted API.
Not really. OpenSSL exposes "internal" data structures in its API, leaking e.g. x.509 datastructures through[0]. The only way to expose an OpenSSL API emulation is to be OpenSSL.
That's why the libressl project started libtls[1] (née ReSSL) as a clean-slate abstracted API.
[0] http://www.tedunangst.com/flak/post/goreSSL
[1] http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/...