On Wed, Jul 8, 2026 at 3:58 AM Rainer Deyke via Boost <boost@lists.boost.org> wrote:
I've been reading the Corosio documentation, but it looks like I won't have time to finish reading the documentation much less thoroughly review the library before the end of the review period, even with the extension. So here's some quick thoughts.
Thank you for the review of the documentation. Some work has already been done to improve it, but I think most (if not all) of your feedback is relevant and will be integrated in the next pass through it.
Tutorials > TLS Context Configuration is full of red warning boxes that parts of the API are not yet wired up. That's understandable for a library that's still in development, but it suggests that the library is not ready for inclusion in Boost. Worse, it seems that Corosio does not fail safe where TLS is concerned: when the user program tries to use a TLS feature that is not yet implemented, Corosio still makes a TLS connection while silently not using that feature instead of (safely) refusing to connect.
You are right. The current TLS implementation is not just insufficient, but dangerous. I am currently working on wiring up the remaining parts of the TLS implementation to either work as intended or fail safely.