RE: [STATUS] OpenSSL (Sun 7-May-2000)

Mon, 08 May 2000 00:15:25 -0700 

I have a number of patches against 0.9.4 supporting shared libraries on AIX,
Solaris, and NT. I plan to sync up with 0.9.5a and/or 0.9.6 in the next
couple days. Let me know if you're interested in seeing the diffs.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of OpenSSL Project
> Sent: Sunday, May 07, 2000 11:15 AM
> To: [EMAIL PROTECTED]
> Subject: [STATUS] OpenSSL (Sun 7-May-2000)
>
>
>
>   OpenSSL STATUS                           Last modified at
>   ______________                           $Date: 2000/04/14 23:35:50 $
>
>   DEVELOPMENT STATE
>
>     o  OpenSSL 0.9.6:  Under development...
>     o  OpenSSL 0.9.5a: Released on April     1st, 2000
>     o  OpenSSL 0.9.5:  Released on February 28th, 2000
>     o  OpenSSL 0.9.4:  Released on August   09th, 1999
>     o  OpenSSL 0.9.3a: Released on May      29th, 1999
>     o  OpenSSL 0.9.3:  Released on May      25th, 1999
>     o  OpenSSL 0.9.2b: Released on March    22th, 1999
>     o  OpenSSL 0.9.1c: Released on December 23th, 1998
>
>   RELEASE SHOWSTOPPERS
>
>   AVAILABLE PATCHES
>
>     o CA.pl patch (Damien Miller)
>
>   IN PROGRESS
>
>     o Steve is currently working on (in no particular order):
>         Proper (or at least usable) certificate chain verification.
>       Private key, certificate and CRL API and implementation.
>       Developing and bugfixing PKCS#7 (S/MIME code).
>         Various X509 issues: character sets, certificate request
> extensions.
>       Documentation for the openssl utility.
>
>   NEEDS PATCH
>
>     o  non-blocking socket on AIX
>     o  $(PERL) in */Makefile.ssl
>     o  "Sign the certificate?" - "n" creates empty certificate file
>
>   OPEN ISSUES
>
>     o internal_verify doesn't know about X509.v3 (basicConstraints
>       CA flag ...)
>
>     o  The Makefile hierarchy and build mechanism is still not a
> round thing:
>
>        1. The config vs. Configure scripts
>           It's the same nasty situation as for Apache with APACI vs.
>           src/Configure. It confuses.
>           Suggestion: Merge Configure and config into a single configure
>                       script with a Autoconf style interface ;-)
> and remove
>                       Configure and config. Or even let us use
> GNU Autoconf
>                       itself. Then we can avoid a lot of those
> platform checks
>                       which are currently in Configure.
>
>     o  Support for Shared Libraries has to be added at least
>        for the major Unix platforms. The details we can rip from the stuff
>        Ralf has done for the Apache src/Configure script. Ben wants the
>        solution to be really simple.
>
>        Status: Ralf will look how we can easily incorporate the
>                compiler PIC and linker DSO flags from Apache
>                into the OpenSSL Configure script.
>
>                Ulf: +1 for using GNU autoconf and libtool (but
> not automake,
>                     which apparently is not flexible enough to generate
>                     libcrypto)
>
>
>     o  The perl/ stuff needs a major overhaul. Currently it's
>        totally obsolete. Either we clean it up and enhance it to
> be up-to-date
>        with the C code or we also could replace it with the really nice
>        Net::SSLeay package we can find under
>        http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this
> package for a
>        longer time and it works fine and is a nice Perl module.
> Best would be
>        to convince the author to work for the OpenSSL project and create a
>        Net::OpenSSL or Crypt::OpenSSL package out of it and
> maintains it for
>        us.
>
>        Status: Ralf thinks we should both contact the author of
> Net::SSLeay
>                and look how much effort it is to bring Eric's
> perl/ stuff up
>                to date.
>                Paul +1
>
>     o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
>       structure for each cipher. This may make sense for things
> like DES but
>       for variable length ciphers like RC2 and RC4 it is NBG.
> Need a way to
>       use the EVP interface and set up the cipher parameters. The
> ASN1 stuff
>       is also foo wrt ciphers whose AlgorithmIdentifier has more than just
>       an IV in it (e.g. RC2, RC5). This also means that EVP_Seal
> and EVP_Open
>       don't work unless the key length matches the fixed value
> (some vendors
>       use a key length decided by the size of the RSA encrypted
> key and expect
>       RC2 to adapt).
>
>   WISHES
>
>     o
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to