]>
Commit | Line | Data |
---|---|---|
75b8dfc0 RE |
1 | |
2 | OpenSSL STATUS Last modified at | |
bbd1c84e | 3 | ______________ $Date: 2001/02/22 15:10:11 $ |
75b8dfc0 RE |
4 | |
5 | DEVELOPMENT STATE | |
6 | ||
c5e8580e | 7 | o OpenSSL 0.9.7: Under development... |
a14280d4 | 8 | o OpenSSL 0.9.6a: Bugfix release -- under development... |
16221173 RL |
9 | o OpenSSL 0.9.6: Released on September 24th, 2000 |
10 | o OpenSSL 0.9.5a: Released on April 1st, 2000 | |
11 | o OpenSSL 0.9.5: Released on February 28th, 2000 | |
12 | o OpenSSL 0.9.4: Released on August 09th, 1999 | |
13 | o OpenSSL 0.9.3a: Released on May 29th, 1999 | |
14 | o OpenSSL 0.9.3: Released on May 25th, 1999 | |
15 | o OpenSSL 0.9.2b: Released on March 22th, 1999 | |
16 | o OpenSSL 0.9.1c: Released on December 23th, 1998 | |
75b8dfc0 RE |
17 | |
18 | RELEASE SHOWSTOPPERS | |
19 | ||
91b842c9 BM |
20 | o |
21 | ||
75b8dfc0 RE |
22 | AVAILABLE PATCHES |
23 | ||
40753f76 | 24 | o |
189b6a60 | 25 | |
75b8dfc0 RE |
26 | IN PROGRESS |
27 | ||
67d5ac03 | 28 | o Steve is currently working on (in no particular order): |
75c4f7e0 | 29 | ASN1 code redesign, butchery, replacement. |
36f554d4 | 30 | OCSP |
7f060601 | 31 | EVP cipher enhancement. |
36f554d4 | 32 | Enhanced certificate chain verification. |
1d48dd00 | 33 | Private key, certificate and CRL API and implementation. |
5a9a4b29 | 34 | Developing and bugfixing PKCS#7 (S/MIME code). |
87c49f62 | 35 | Various X509 issues: character sets, certificate request extensions. |
1e552869 RL |
36 | o Geoff and Richard are currently working on: |
37 | ENGINE (the new code that gives hardware support among others). | |
38 | o Richard is currently working on: | |
39 | UTIL (a new set of library functions to support some higher level | |
40 | functionality that is currently missing). | |
79d2eb64 | 41 | Shared library support for VMS. |
257341b5 RL |
42 | OCSP |
43 | Kerberos 5 authentication | |
44 | Constification | |
679ab7c3 | 45 | |
75b8dfc0 RE |
46 | NEEDS PATCH |
47 | ||
91b842c9 | 48 | o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file |
acafc0b4 | 49 | |
bbd1c84e BM |
50 | o OpenSSL_0_9_6-stable: |
51 | #include <openssl/e_os.h> in exported header files is illegal since | |
d0a8af61 BM |
52 | e_os.h is suitable only for library-internal use. |
53 | ||
f2c46006 BM |
54 | o Whenever strncpy is used, make sure the resulting string is NULL-terminated |
55 | or an error is reported | |
56 | ||
40753f76 BM |
57 | OPEN ISSUES |
58 | ||
a14280d4 BM |
59 | o crypto/ex_data.c is not really thread-safe and so must be used |
60 | with care (e.g., extra locking where necessary, or don't call | |
61 | CRYPTO_get_ex_new_index once multiple threads exist). | |
62 | The current API is not suitable for everything that it pretends | |
63 | to offer. | |
64 | ||
2ec077d8 RE |
65 | o The Makefile hierarchy and build mechanism is still not a round thing: |
66 | ||
67 | 1. The config vs. Configure scripts | |
68 | It's the same nasty situation as for Apache with APACI vs. | |
69 | src/Configure. It confuses. | |
70 | Suggestion: Merge Configure and config into a single configure | |
71 | script with a Autoconf style interface ;-) and remove | |
72 | Configure and config. Or even let us use GNU Autoconf | |
73 | itself. Then we can avoid a lot of those platform checks | |
74 | which are currently in Configure. | |
75 | ||
a6f20a1e RE |
76 | o Support for Shared Libraries has to be added at least |
77 | for the major Unix platforms. The details we can rip from the stuff | |
78 | Ralf has done for the Apache src/Configure script. Ben wants the | |
79 | solution to be really simple. | |
80 | ||
81 | Status: Ralf will look how we can easily incorporate the | |
82 | compiler PIC and linker DSO flags from Apache | |
83 | into the OpenSSL Configure script. | |
84 | ||
eb025998 UM |
85 | Ulf: +1 for using GNU autoconf and libtool (but not automake, |
86 | which apparently is not flexible enough to generate | |
87 | libcrypto) | |
88 | ||
89 | ||
a6f20a1e RE |
90 | o The perl/ stuff needs a major overhaul. Currently it's |
91 | totally obsolete. Either we clean it up and enhance it to be up-to-date | |
92 | with the C code or we also could replace it with the really nice | |
93 | Net::SSLeay package we can find under | |
94 | http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a | |
95 | longer time and it works fine and is a nice Perl module. Best would be | |
96 | to convince the author to work for the OpenSSL project and create a | |
97 | Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for | |
98 | us. | |
99 | ||
100 | Status: Ralf thinks we should both contact the author of Net::SSLeay | |
101 | and look how much effort it is to bring Eric's perl/ stuff up | |
102 | to date. | |
68a8a41b | 103 | Paul +1 |
a6f20a1e | 104 | |
69d1dfba RE |
105 | WISHES |
106 | ||
48c843c3 | 107 | o |