On 13 January 2017 at 07:05, Wes Turner <wes.turner@gmail.com> wrote:
> +1 for start simple and iterate;
> but expecting a config object is not easy to add later.
Yes, it is - all that is necessary is to add a "make_ssl_context"
helper function that translates from the declarative configuration
format (however defined) to the programmatic API and returns a
configured context of the requested type.
The appropriate time to define that lowest-common-denominator
configuration format is *after* there is a working programmatic API
that covers at least the 3 major implementations of interest (OpenSSL,
SecureTransport, SChannel), and hopefully a few other implementations
as well (e.g. NSS, BoringSSL).