I think a big problem with OpenSSL being a magic box is the lack of documentation, and APIs that
are quite horrible if you want to do something a bit differently than everyone else. Usually whenever
I want to add a new TLS related feature I'll just try to find out existing code that does something
similar (because the functions' manual pages don't exist or are almost empty). And when that fails
(and it often does) I'll just have go read the OpenSSL code directly. And when I find that there
doesn't exist an easy way to do what I want, I'll just go and copy&paste a large chunk of OpenSSL
code to my code and modify it slightly..
I guess I should start looking at GNUTLS again, maybe things are better there..