Harmonize CHANGES and STATUS files between the 0.9.6a branch and

[thirdparty/openssl.git] / STATUS

  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 2001/03/22 10:59:41 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.7:  Under development...
    o  OpenSSL 0.9.6a: Bugfix release -- under development...
                       Beta 1 released on March 13th, 2001
	HP-UX 10.20 (hpux-parisc-cc)		- PASSED [normal+engine]
	HP-UX 10.20 (hpux-parisc-gcc)		- PASSED [normal+engine]
	HP-UX 11.00 32bit (hpux-parisc-gcc)	- FAILED [engine]
		"openssl speed rsa1024 -engine cswift" fails unless
		libswift.sl is renamed to libswift.so.
		[CORRECTED]
	HP MPE/iX				- PASSED [presumed normal]
	Linux 2.2.17 SMP (linux-elf)		- PASSED [normal+engine]
	Windows (VC-WIN32)			- FAILED [presumed normal]
		Missing line in ms/32all.bat:
			perl util\mkfiles.pl >MINFO
		[CORRECTED]
		In randfile.c, line 214, signed and unsigned int are mixed.
		[CORRECTED]
		In s_client.c and s_server.c, RAND_status() needs to get
		declared (#include <openssl/rand.h>)
		[CORRECTED]
	OpenVMS (any version)			- FAILED [normal+engine]
		Missing instructions in building script.
		[CORRECTED]
	AIX 4.3					- FAILED [engine]
		Needs -DDSO_DLFCN and -DHAVE_DLFCN_H to work.
		[CORRECTED] (but will not be automagically configured)
	Irix 6.5.11				- FAILED [presumed normal]
		BN_sqr test fails.
        solaris64-sparcv9-cc (SunOS 5.8)        - PASSED [normal+engine]
	BSDI 4.0.1 (bsdi-elf-gcc)		- FAILED [engine]
		Needs -DDSO_DLFCN, -DHAVE_DLFCN_H and -ldl to work.
		[CORRECTED]
	mingw32 w/ gcc 2.95.2			- PASSED [presumed normal]
                       Beta 2 released on March 21st, 2001
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
    o  OpenSSL 0.9.4:  Released on August    09th, 1999
    o  OpenSSL 0.9.3a: Released on May       29th, 1999
    o  OpenSSL 0.9.3:  Released on May       25th, 1999
    o  OpenSSL 0.9.2b: Released on March     22th, 1999
    o  OpenSSL 0.9.1c: Released on December  23th, 1998

  RELEASE SHOWSTOPPERS

  AVAILABLE PATCHES

  IN PROGRESS

    o Steve is currently working on (in no particular order):
        ASN1 code redesign, butchery, replacement.
        OCSP
        EVP cipher enhancement.
        Enhanced certificate chain verification.
	Private key, certificate and CRL API and implementation.
	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
    o Geoff and Richard are currently working on:
	ENGINE (the new code that gives hardware support among others).
    o Richard is currently working on:
	UTIL (a new set of library functions to support some higher level
	      functionality that is currently missing).
	Shared library support for VMS.
	OCSP
	Kerberos 5 authentication
	Constification

  NEEDS PATCH

    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file

    o  OpenSSL_0_9_6-stable:
       #include <openssl/e_os.h> in exported header files is illegal since
       e_os.h is suitable only for library-internal use.

    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
       or an error is reported

  OPEN ISSUES

    o  crypto/ex_data.c is not really thread-safe and so must be used
       with care (e.g., extra locking where necessary, or don't call
       CRYPTO_get_ex_new_index once multiple threads exist).
       The current API is not suitable for everything that it pretends
       to offer.

    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
          It's the same nasty situation as for Apache with APACI vs.
          src/Configure. It confuses.
          Suggestion: Merge Configure and config into a single configure
                      script with a Autoconf style interface ;-) and remove
                      Configure and config. Or even let us use GNU Autoconf
                      itself. Then we can avoid a lot of those platform checks
                      which are currently in Configure.

    o  Support for Shared Libraries has to be added at least
       for the major Unix platforms. The details we can rip from the stuff
       Ralf has done for the Apache src/Configure script. Ben wants the
       solution to be really simple.

       Status: Ralf will look how we can easily incorporate the
               compiler PIC and linker DSO flags from Apache
               into the OpenSSL Configure script.

               Ulf: +1 for using GNU autoconf and libtool (but not automake,
                    which apparently is not flexible enough to generate
                    libcrypto)


    o  The perl/ stuff needs a major overhaul. Currently it's
       totally obsolete. Either we clean it up and enhance it to be up-to-date
       with the C code or we also could replace it with the really nice
       Net::SSLeay package we can find under
       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
       longer time and it works fine and is a nice Perl module. Best would be
       to convince the author to work for the OpenSSL project and create a
       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
       us.

       Status: Ralf thinks we should both contact the author of Net::SSLeay
               and look how much effort it is to bring Eric's perl/ stuff up
               to date.
               Paul +1

  WISHES

    o