Sorry to break in, but is there a need for a guy who can do development
for VMS on OpenSSL...?
At 08:15 PM 8/15/99 +0200, OpenSSL Project wrote:
>
> OpenSSL STATUS Last modified at
> ______________ $Date: 1999/08/14 20:49:37 $
>
> DEVELOPMENT STATE
>
> o OpenSSL 0.9.5: Under development...
> o OpenSSL 0.9.4: Released on August 09th, 1999
> o OpenSSL 0.9.3a: Released on May 29th, 1999
> o OpenSSL 0.9.3: Released on May 25th, 1999
> o OpenSSL 0.9.2b: Released on March 22th, 1999
> o OpenSSL 0.9.1c: Released on December 23th, 1998
>
> RELEASE SHOWSTOPPERS
>
> AVAILABLE PATCHES
>
> o getenv in ca.c and x509_def.c ([EMAIL PROTECTED])
>
> IN PROGRESS
>
> o Steve is currently working on (in no particular order):
> Proper (or at least usable) certificate chain verification.
> Private key, certificate and CRL API and implementation.
> Checking and bugfixing PKCS#7 (S/MIME code).
> Various X509 issues: character sets, certificate request extensions.
>
> o Mark is currently working on:
> Folding in any changes that are in the C2Net code base that were
> not in the original SSLeay-0.9.1.b release. Plus other minor
> tidying.
>
> o Ralf is currently working on:
> 1. Support for SSL_set_default_verify_paths(),
> SSL_load_verify_locations(), SSL_get_cert_store() and
> SSL_set_cert_store() functions which work like their existing
> SSL_CTX_xxx() variants but on a per connection basis. That's needed
> to let us provide full-featured per-URL client verification in
> mod_ssl or Apache-SSL.
> => It still dumps core, so I suspend this and investigate
> again for OpenSSL 0.9.3.
> 2. The perl/ stuff to make it really work the first time ;-)
> => I'll investigate a few more hours for OpenSSL 0.9.2
> 3. The new documentation set in POD format under doc/
> => I'll investigate a few more hours for OpenSSL 0.9.2
> 4. More cleanups to get rid of obsolete/old/ugly files in the
> source tree which are not really needed.
> => Done all which were possible with my personal knowledge
>
> o Ben is currently working on:
> 1. Function Prototype Thought Police issues.
> 2. Integrated documentation.
> 3. New TLS Ciphersuites.
> 4. Anything else that takes his fancy.
>
> NEEDS PATCH
>
> o base64 decoding bug (Ivan Nejgebauer)
> o [EMAIL PROTECTED] (Rich Salz): Bug in X509_name_print
> <[EMAIL PROTECTED]>
> o $(PERL) in */Makefile.ssl
> o "Sign the certificate?" - "n" creates empty certificate file
>
> OPEN ISSUES
>
> o internal_verify doesn't know about X509.v3 (basicConstraints
> CA flag ...)
>
> o The Makefile hierarchy and build mechanism is still not a round thing:
>
> 1. The config vs. Configure scripts
> It's the same nasty situation as for Apache with APACI vs.
> src/Configure. It confuses.
> Suggestion: Merge Configure and config into a single configure
> script with a Autoconf style interface ;-) and remove
> Configure and config. Or even let us use GNU Autoconf
> itself. Then we can avoid a lot of those platform checks
> which are currently in Configure.
>
> o Support for Shared Libraries has to be added at least
> for the major Unix platforms. The details we can rip from the stuff
> Ralf has done for the Apache src/Configure script. Ben wants the
> solution to be really simple.
>
> Status: Ralf will look how we can easily incorporate the
> compiler PIC and linker DSO flags from Apache
> into the OpenSSL Configure script.
>
> o The perl/ stuff needs a major overhaul. Currently it's
> totally obsolete. Either we clean it up and enhance it to be up-to-date
> with the C code or we also could replace it with the really nice
> Net::SSLeay package we can find under
> http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a
> longer time and it works fine and is a nice Perl module. Best would be
> to convince the author to work for the OpenSSL project and create a
> Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
> us.
>
> Status: Ralf thinks we should both contact the author of Net::SSLeay
> and look how much effort it is to bring Eric's perl/ stuff up
> to date.
> Paul +1
>
> o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
> structure for each cipher. This may make sense for things like DES but
> for variable length ciphers like RC2 and RC4 it is NBG. Need a way to
> use the EVP interface and set up the cipher parameters. The ASN1 stuff
> is also foo wrt ciphers whose AlgorithmIdentifier has more than just
> an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open
> don't work unless the key length matches the fixed value (some vendors
> use a key length decided by the size of the RSA encrypted key and expect
> RC2 to adapt).
>
> o Properly initialize the PRNG in the absence of /dev/random.
>
> o ERR_error_string(..., buf) does not know how large buf is,
> there should be ERR_error_string_n(..., buf, bufsize)
> or similar.
>
> WISHES
>
> o
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>Development Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
------
+-------------------------------+---------------------------------------+
| Dan O'Reilly | "Outside a dog, a book is man's best |
| Principal Engineer | friend. Inside a dog, it's too |
| Process Software Corporation | dark to read." |
| http://www.process.com | -- Groucho Marx |
+-------------------------------+---------------------------------------+
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
