[2022] Recent progress in and around LibreSSL - Theo Buehler


More than eight years after the fork, active development on LibreSSL continues. Feature and API additions happen on an as-needed basis and code is continually cleaned up, improved, rewritten, and removed.

This talk will survey some of the major contributions to LibreSSL since the last LibreSSL talk at BSDCan 2019. These include Bob Beck's X.509 validator, Joel Sing's rewrite of the legacy TLS record layer and the major refactoring of the templated ASN.1 decoder, Ingo Schwarze's documentation improvements and the author's work on API compatibility with OpenSSL and several other features in libcrypto, libssl and libtls.

Quite a bit of effort also went into porting and fixing OpenSSL's RFC 3779 support. This is code to handle X.509 extensions containing lists of IP addresses and AS numbers as used in the Resource Public Key Infrastructure (RPKI) and is used notably in OpenBSD's rpki-client(8).

After a look into the past, there will also be a discussion of ongoing work, current goals and non-goals as well as pain points and upcoming challenges.
