I've realized that the Fedora defensive guide is the only guide we
have to introduce the C TLS and crypto libraries we have, as well as
provide a defensive style in using them. However, it is quite
outdated, and misses information which may be a standard requirement in the
future (e.g., support for HSMs). For that, I've taken the liberty to
update the text on crypto libraries, as well as the TLS libraries,
i.e., gnutls; Bob Relyea reviewed text on NSS, and we added a section
on using Hardware Security Modules with openssl, gnutls and NSS.
The existing updates are in:
However, what is missing now is updating the code samples for openssl with code that is safe to use with both 1.1.0 and 1.0.0, reviewing the section on HSMs+openssl, and adding a section on setting up a server with openssl. Anyone who knows openssl well enough to volunteer for any of the tasks above?

The upstream projects libp11 and engine_pkcs11 have been merged under
the libp11 umbrella. As such, I plan to retire engine_pkcs11, and merge
it with libp11. The only drawback that I see from that move is that
one would not find the engine_pkcs11 package at the packagedb search