And the code starts with
#![forbid(unsafe_code)], showing that
unsafe is not always required for performance
That annotation provides significant assurance that this code, by avoiding
unsafe in its specific implementation (though of course using some
stdlib functions that necessarily use
unsafe), is not repeating the invitation to malware of the OpenSSL library that it replaces.
I'm not sure this necessary shows that, though it does demonstrate that when one needs
unsafe for performance, it can be separated out to a separate crate that exposes a safe abstraction, which in some ways is even better
Does this crate support StartTLS?
Last time I looked at the API I could not work out
how to pass a file descriptor to start negotiation and I ended up using OpenSSL.