The sorry state of OpenSSL usability

  • > there literally isn’t any documentation of LibreSSL.

    This is plain wrong; it's particularly annoying as a great deal of effort has been put into updating the documentation [1].

    > Instead, you just have to read the OpenSSL docs, and just hope the behavior is roughly the same.

    I'll give the author the benefit of the doubt and assume they refer to the "OpenSSL docs" as naming hasn't been changed, as opposed to looking at actual OpenSSL documentation. Indeed it doesn't make great sense to rename everything in the documents because, as the LibreSSL website states:

        libssl: a TLS library, backwards-compatible with OpenSSL
        libtls: a new TLS library, designed to make it easier to write foolproof applications
    
    [1] https://undeadly.org/cgi?action=article&sid=20161215221715

  • Unfortunately, from my perspective, the same situation is actually common with a lot of security libraries/tools. Usability and documentation often seem to be sub-standard. The APIs themselves are mostly not built around the “common” use cases.

    I was always assuming that’s caused by the original programmers being more interested in the crypto algorithmics than in building an actually useful tool. But what do I know.

    My solution so far is to wrap crypto code into my own modules and expose only the simplest interface for the job.

    For the CLI, especially openssl, I am relying on (customized) scripts to make common tasks easier, with my ultimate goal to not have to call openssl directly anymore.
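    As an added illustration of the kind of wrapper script described in this comment (not the commenter's own code), here is a POSIX shell wrapper that hides the openssl CLI options that are easy to get wrong when making a local test certificate: private-key file permissions, a modern key type, and a subjectAltName rather than a bare CN. The function names and the 30-day default are my own choices; it assumes an OpenSSL 1.1.1 or newer `openssl` binary on PATH (for `-addext`).

```shell
#!/bin/sh
# Wrapper around the openssl CLI for one common task: a self-signed
# certificate for local testing, with safe defaults baked in.
set -eu

# mkcert_selfsigned <hostname> <outdir> [days]
# Writes <outdir>/<hostname>.key and <outdir>/<hostname>.crt and
# prints the certificate path.
mkcert_selfsigned() {
  host=$1; outdir=$2; days=${3:-30}
  key="$outdir/$host.key"; crt="$outdir/$host.crt"
  mkdir -p "$outdir"
  # Create the private key with mode 0600: umask applies only inside the subshell
  ( umask 077 && openssl ecparam -name prime256v1 -genkey -noout -out "$key" )
  # Self-signed cert; clients check the SAN, a CN alone is not enough
  openssl req -new -x509 -key "$key" -out "$crt" -days "$days" -sha256 \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host"
  printf '%s\n' "$crt"
}

# cert_summary <cert.pem>: subject and expiry, for a quick look without
# wading through the full -text dump
cert_summary() {
  openssl x509 -in "$1" -noout -subject -enddate
}

# cert_matches_host <cert.pem> <hostname>: exit 0 if the cert's names cover host
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}
```

Run with `. ./mkcert.sh && mkcert_selfsigned dev.local ./certs` to get a key/cert pair whose key is readable only by the owner.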

  • It's funny to me when people complain about something they get for free. There are at least two solutions to this problem and neither of them is writing a blog to complain about the work that someone else has done and given away for free.

    You could write some documentation and give it to them. Or you could pay someone to write it for the project.

    The author seems to know quite a bit about OpenSSL/LibreSSL. I'd think writing up a bit of documentation for it would be a win for everyone. Writing a blog complaining that the authors haven't done it and given it away for free is not.

  • The usability points in this post are very well taken, but I'd push back on "we're told not to roll our own crypto but instead to use OpenSSL", since the first part of that claim is true but the second is emphatically not.

  • This is a macOS problem. OpenSSL on Linux has extensive man pages and a --help switch.

  • Unfortunately, http://www.libressl.org/ won’t help you either, because there literally isn’t any documentation of LibreSSL.

    Going to that website and clicking on openssl reveals a manual page. So, I guess the "literally isn’t any documentation" is wrong. OpenBSD likes their man pages.

  • > And stop forking OpenSSL; you’re just making things worse.

    I strongly disagree that forks are making things worse. The solution to a project that is too difficult to fix due to baggage or a bad community or bad maintainers is to fork.

  • Inspired by your blog post, I've written a small tutorial on how to use OpenSSL for creating SSL certificates: https://www.thenativeweb.io/blog/2017-12-29-11-51-the-openss...

  • On my Ubuntu 16.04 system, `man openssl` works just fine for me.

  • One could export the man pages from another *nix and import them into OSX perhaps?

  • If your OS is "shit", don't blame others for this. "man openssl" works perfectly on a correct OS and you can ask "--help" for all commands.

  • wtf.. donate/contribute