[thirdparty/openssl.git] / STATUS


  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 2001/02/22 15:10:11 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.7:  Under development...
    o  OpenSSL 0.9.6a: Bugfix release -- under development...
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
    o  OpenSSL 0.9.4:  Released on August    09th, 1999
    o  OpenSSL 0.9.3a: Released on May       29th, 1999
    o  OpenSSL 0.9.3:  Released on May       25th, 1999
    o  OpenSSL 0.9.2b: Released on March     22th, 1999
    o  OpenSSL 0.9.1c: Released on December  23th, 1998

  RELEASE SHOWSTOPPERS

    o

  AVAILABLE PATCHES

    o

  IN PROGRESS

    o Steve is currently working on (in no particular order):
        ASN1 code redesign, butchery, replacement.
        OCSP
        EVP cipher enhancement.
        Enhanced certificate chain verification.
	Private key, certificate and CRL API and implementation.
	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
    o Geoff and Richard are currently working on:
	ENGINE (the new code that gives hardware support among others).
    o Richard is currently working on:
	UTIL (a new set of library functions to support some higher level
	      functionality that is currently missing).
	Shared library support for VMS.
	OCSP
	Kerberos 5 authentication
	Constification

  NEEDS PATCH

    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file

    o  OpenSSL_0_9_6-stable:
       #include <openssl/e_os.h> in exported header files is illegal since
       e_os.h is suitable only for library-internal use.

    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
       or an error is reported

  OPEN ISSUES

    o  crypto/ex_data.c is not really thread-safe and so must be used
       with care (e.g., extra locking where necessary, or don't call
       CRYPTO_get_ex_new_index once multiple threads exist).
       The current API is not suitable for everything that it pretends
       to offer.

    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
          It's the same nasty situation as for Apache with APACI vs.
          src/Configure. It confuses.
          Suggestion: Merge Configure and config into a single configure
                      script with a Autoconf style interface ;-) and remove
                      Configure and config. Or even let us use GNU Autoconf
                      itself. Then we can avoid a lot of those platform checks
                      which are currently in Configure.

    o  Support for Shared Libraries has to be added at least
       for the major Unix platforms. The details we can rip from the stuff
       Ralf has done for the Apache src/Configure script. Ben wants the
       solution to be really simple.

       Status: Ralf will look how we can easily incorporate the
               compiler PIC and linker DSO flags from Apache
               into the OpenSSL Configure script.

               Ulf: +1 for using GNU autoconf and libtool (but not automake,
                    which apparently is not flexible enough to generate
                    libcrypto)


    o  The perl/ stuff needs a major overhaul. Currently it's
       totally obsolete. Either we clean it up and enhance it to be up-to-date
       with the C code or we also could replace it with the really nice
       Net::SSLeay package we can find under
       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
       longer time and it works fine and is a nice Perl module. Best would be
       to convince the author to work for the OpenSSL project and create a
       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
       us.

       Status: Ralf thinks we should both contact the author of Net::SSLeay
               and look how much effort it is to bring Eric's perl/ stuff up
               to date.
               Paul +1

  WISHES

    o
Commit	Line	Data
75b8dfc0 RE	1
75b8dfc0 RE	2	OpenSSL STATUS Last modified at
bbd1c84e	3	______________ $Date: 2001/02/22 15:10:11 $
75b8dfc0 RE	4
	5	DEVELOPMENT STATE
	6
c5e8580e	7	o OpenSSL 0.9.7: Under development...
a14280d4	8	o OpenSSL 0.9.6a: Bugfix release -- under development...
16221173 RL	9	o OpenSSL 0.9.6: Released on September 24th, 2000
	10	o OpenSSL 0.9.5a: Released on April 1st, 2000
	11	o OpenSSL 0.9.5: Released on February 28th, 2000
	12	o OpenSSL 0.9.4: Released on August 09th, 1999
	13	o OpenSSL 0.9.3a: Released on May 29th, 1999
	14	o OpenSSL 0.9.3: Released on May 25th, 1999
	15	o OpenSSL 0.9.2b: Released on March 22th, 1999
	16	o OpenSSL 0.9.1c: Released on December 23th, 1998
75b8dfc0 RE	17
	18	RELEASE SHOWSTOPPERS
	19
91b842c9 BM	20	o
91b842c9 BM	21
75b8dfc0 RE	22	AVAILABLE PATCHES
75b8dfc0 RE	23
40753f76	24	o
189b6a60	25
75b8dfc0 RE	26	IN PROGRESS
75b8dfc0 RE	27
67d5ac03	28	o Steve is currently working on (in no particular order):
75c4f7e0	29	ASN1 code redesign, butchery, replacement.
36f554d4	30	OCSP
7f060601	31	EVP cipher enhancement.
36f554d4	32	Enhanced certificate chain verification.
1d48dd00	33	Private key, certificate and CRL API and implementation.
5a9a4b29	34	Developing and bugfixing PKCS#7 (S/MIME code).
87c49f62	35	Various X509 issues: character sets, certificate request extensions.
1e552869 RL	36	o Geoff and Richard are currently working on:
	37	ENGINE (the new code that gives hardware support among others).
	38	o Richard is currently working on:
	39	UTIL (a new set of library functions to support some higher level
	40	functionality that is currently missing).
79d2eb64	41	Shared library support for VMS.
257341b5 RL	42	OCSP
	43	Kerberos 5 authentication
	44	Constification
679ab7c3	45
75b8dfc0 RE	46	NEEDS PATCH
75b8dfc0 RE	47
91b842c9	48	o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
acafc0b4	49
bbd1c84e BM	50	o OpenSSL_0_9_6-stable:
bbd1c84e BM	51	#include <openssl/e_os.h> in exported header files is illegal since
d0a8af61 BM	52	e_os.h is suitable only for library-internal use.
d0a8af61 BM	53
f2c46006 BM	54	o Whenever strncpy is used, make sure the resulting string is NULL-terminated
	55	or an error is reported
	56
40753f76 BM	57	OPEN ISSUES
40753f76 BM	58
a14280d4 BM	59	o crypto/ex_data.c is not really thread-safe and so must be used
	60	with care (e.g., extra locking where necessary, or don't call
	61	CRYPTO_get_ex_new_index once multiple threads exist).
	62	The current API is not suitable for everything that it pretends
	63	to offer.
	64
2ec077d8 RE	65	o The Makefile hierarchy and build mechanism is still not a round thing:
	66
	67	1. The config vs. Configure scripts
	68	It's the same nasty situation as for Apache with APACI vs.
	69	src/Configure. It confuses.
	70	Suggestion: Merge Configure and config into a single configure
	71	script with a Autoconf style interface ;-) and remove
	72	Configure and config. Or even let us use GNU Autoconf
	73	itself. Then we can avoid a lot of those platform checks
	74	which are currently in Configure.
	75
a6f20a1e RE	76	o Support for Shared Libraries has to be added at least
	77	for the major Unix platforms. The details we can rip from the stuff
	78	Ralf has done for the Apache src/Configure script. Ben wants the
	79	solution to be really simple.
	80
	81	Status: Ralf will look how we can easily incorporate the
	82	compiler PIC and linker DSO flags from Apache
	83	into the OpenSSL Configure script.
	84
eb025998 UM	85	Ulf: +1 for using GNU autoconf and libtool (but not automake,
	86	which apparently is not flexible enough to generate
	87	libcrypto)
	88
	89
a6f20a1e RE	90	o The perl/ stuff needs a major overhaul. Currently it's
	91	totally obsolete. Either we clean it up and enhance it to be up-to-date
	92	with the C code or we also could replace it with the really nice
	93	Net::SSLeay package we can find under
	94	http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a
	95	longer time and it works fine and is a nice Perl module. Best would be
	96	to convince the author to work for the OpenSSL project and create a
	97	Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
	98	us.
	99
	100	Status: Ralf thinks we should both contact the author of Net::SSLeay
	101	and look how much effort it is to bring Eric's perl/ stuff up
	102	to date.
68a8a41b	103	Paul +1
a6f20a1e	104
69d1dfba RE	105	WISHES
69d1dfba RE	106
48c843c3	107	o