From: Eric Wong <normalperson@...>
Date: 2014-08-11T20:36:31+00:00
Subject: [ruby-core:64314] Re: [ruby-trunk - Bug #10046] OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failures

e@zzak.io wrote:
> Can we vendor openssl like we do libyaml?

Not speaking for Martin, but I think that would be a horrible idea.
OpenSSL has new CVEs issued for it all the time and that would be a big
maintenance burden to stay up-to-date with new releases.  It also gives
OpenSSL even more inertia, making it harder to adopt alternatives.