What is wrong with SSL: it simply doesn't work (Pike 7.4.10 stock) - a lot of unresolved references. It was fixed somewhere in 7.4.13 and in 7.4.15 it is broken again. So - it is unstable, at least.
Well, I've got a nicely working SSL in Pike 7.4.10 and 7.4.15 here, so it sounds to me that you are doing something wrong. You can begin with explaining what you mean with "unresolved references" since that is not an error usually mentioned when discussing Pike problems. (Though it appears when you create the manual, but that just means broken link (a href).)
Additionally, it doesn't provide all the functionality which is included in OpenSSL, and, again, OpenSSL is long standing, stable project, proven.
A lot of crypto stuff included in OpenSSL is far better and more optimized comparing to original Pike stuff - this is the major point, I think.
I want facts, features, figures or I'll disregard from all these arguments except the speed one, which I have already seen measurements and charts for.
Personally, I don't think that this is good idea - to implement in Pike everything just because it can be implemented. Some things are quite ineffective in Pike, even when JIT and optimizer are in use.
Everything which needs speed _must_ be implemented in C, everything else _may_ be implemented in Pike. IMHO, of course :)
The lower langauge the greater potential for high speed and low memory footprint, but at the same time greater portability problems and easier to make harmful bugs. Implementing crypto algorithms in C is a good idea. Implementing low level data management such as ASN1 in C might be a good idea. Implementing SSL in C is probably a bad idea.
Also do note the word 'potential' in the last paragraph. Pike has outperformed C code in several benchmarks because the naive implementation in Pike (which utilizes optimized algorithms deeper down) is faster than the naive implementation in C.
/ Martin Nilsson (Åskblod)
Previous text:
2003-01-28 00:15: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
On Sun, Jan 26, 2003 at 01:25:02AM +0100, Martin Nilsson (Åskblod) @ Pike (-) developers forum wrote:
What's wrong with the SSL module, or more to the point, what is better with OpenSSL?
What is wrong with SSL: it simply doesn't work (Pike 7.4.10 stock) - a lot of unresolved references. It was fixed somewhere in 7.4.13 and in 7.4.15 it is broken again. So - it is unstable, at least.
Additionally, it doesn't provide all the functionality which is included in OpenSSL, and, again, OpenSSL is long standing, stable project, proven.
A lot of crypto stuff included in OpenSSL is far better and more optimized comparing to original Pike stuff - this is the major point, I think.
Personally, I don't think that this is good idea - to implement in Pike everything just because it can be implemented. Some things are quite ineffective in Pike, even when JIT and optimizer are in use.
Everything which needs speed _must_ be implemented in C, everything else _may_ be implemented in Pike. IMHO, of course :)
Regards, /Al
/ Brevbäraren