I needed a crypto library last year and looked into OpenSSL and man o man, what a crap API. I know enough crypto that (in theory) I can program my own, so the terms and whatnot should not be confusing. But OpenSSL was a confusing pile of excrement. I am not at all surprised that horrible monster bugs lurked in those waters. The crap API told me two things. First that these people have their heads in their asses and that they also have their asses stuck at least a decade into the past. It reeked of one of those Open Source projects where they claim they are so few working so hard but would probably crap all over any newcomers who tried to contribute. I didn't look at the source code but I am going to predict incomprehensible variables and even Hungarian notation (loved by programmers with serious OCD).
This is a completely unrelated question, but what are your thoughts on BitMessage?
wiki | their site
Is this concept (independent of that actual BitMessage platform / execution) going to be the future of private / encrypted communications? Or is it a stupid idea? Is BitMessage executing it well, even though they are still in beta, or is there some gaping hole that most folks aren't seeing?
I just looked at the source code. Around 1/4th of the variables I saw had a pretty good name, 1/4th were terrible names, and the last 1/2 were single-letter variable names. WTF? The file names were bonkers stupid. A typical name was tls_srp.c.
Transport layer security syrup. Alternatively, "Transport layer security Secure Remote Password". GnuTLS has a similar thing: gnutls_srp.c