OpenBSD forks, prunes, fixes OpenSSL

Summary:In the wake of Heartbleed, a well-known open source development group is creating a simpler, cleaner version of the dominant OpenSSL.

Members of the OpenBSD project, already known for the OpenBSD operating system and related projects such as OpenSSH, OpenBGPD, OpenNTPD, OpenSMTPD, are creating a fork of the OpenSSL project, likely to be called LibreSSL. (OpenSSL and OpenBSD are completely separate projects with different people working on them.)

OpenSSL is the dominant SSL/TLS library on the Internet, but has suffered significant reputation damage in recent days for the Heartbleed bug. The incident has revived criticism of OpenSSL as a poorly-run project with source code that is impenetrable and documented, where it is at all documented, badly and inaccurately.

The main effort of the LibreSSL project is to remove the very large portion of the code that serves purposes that are either of very limited interest or which were scheduled by OpenSSL for removal but never actually removed.

Theo de Raadt, founder and leader of the OpenBSD and OpenSSH, tells ZDNet that the project has already removed 90,000 lines of C code and 150,000 lines of content. de Raadt: "Some of that is indentation, because we are trying to make the code more comprehensible. 99.99% of the community does not care for VMS support, and 98% do not care for Windows support. They care for POSIX support, so that the Unix and Unix derivatives can run. They don't care for FIPS. Code must be simple. Even after all those changes, the codebase is still API compatible. Our entire ports tree (8700 applications) continue to compile and work, after all these changes."

A blog site called "OpenSSL Valhalla Rampage" that is following the project, is not run by the project. de Raadt says he doesn't know who is running it and that the actual LibreSSL team has been too busy to put up a web site.

Topics: Security

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.