by masamune__ 4115 days ago
Actually, LibreSSL is a practical drop-in replacement for OpenSSL if you use only the sane parts of OpenSSL's functionality.

The biggest problem now is that some upstream software still depends on the insanity the OpenBSD devs nuked away, like RAND_egd(), or won't admit that LibreSSL actually exists :)

(https://devsonacid.wordpress.com/2014/07/12/how-compatible-i..., https://blog.hboeck.de/archives/851-LibreSSL-on-Gentoo.html)

But the situation is changing as more and more upstream developers abandon those APIs: https://github.com/gentoo/libressl/blob/master/README.md

And I guess this is the cool thing about LibreSSL: even if it fails to replace OpenSSL for real good, it is still forcing others to advance in the right direction (remember the Linux fork fuss last year? You can disagree with me, but I myself consider it Linux's 'fault' not to have a consistent mechanism for extracting entropy... it doesn't have to be arc4random, but it could have been better in the first place, IMO)


I don't know why they didn't keep RAND_egd() in, but just implement it as:

  /* Stub: EGD support is gone, so always report failure to the caller. */
  int RAND_egd(const char *path)
  {
      (void)path;   /* unused */
      return -1;
  }
Yeah, that's the quickest fix for some software, but OpenBSD devs can be really 'uncompromising' when they consider some features broken/dangerous. That's how they managed to have "2 remote holes in default install" for decades, I guess :/

http://marc.info/?l=openbsd-tech&m=140512043210089&w=2

https://www.mail-archive.com/linux-crypto%40vger.kernel.org/...

That's not really an answer, though, is it? Because the feature is just as gone, it's just that it still remains API-compatible.