what will code look like after the ASN1 redesigning?
I am planing to implement the ASN1 code for PKIX, the first
step should be OCSP.If anyone are planing to rewrite the ASN1
code, tell me the details.
>
> IN PROGRESS
>
> o Steve is currently working on (in no particular order):
> ASN1 code redesign, butchery, replacement.
> EVP cipher enhancement.
> Proper (or at least usable) certificate chain verification.
> Private key, certificate and CRL API and implementation.
> Developing and bugfixing PKCS#7 (S/MIME code).
> Various X509 issues: character sets, certificate request extensions.
> o Geoff and Richard are currently working on:
> ENGINE (the new code that gives hardware support among others).
> o Richard is currently working on:
> UTIL (a new set of library functions to support some higher level
> functionality that is currently missing).
> Dynamic thread-lock support.
> Shared library support for VMS.
>
> NEEDS PATCH
>
> o non-blocking socket on AIX
> o $(PERL) in */Makefile.ssl
> o "Sign the certificate?" - "n" creates empty certificate file
>
> OPEN ISSUES
>
> o internal_verify doesn't know about X509.v3 (basicConstraints
> CA flag ...)
>
> o The Makefile hierarchy and build mechanism is still not a round thing:
>
> 1. The config vs. Configure scripts
> It's the same nasty situation as for Apache with APACI vs.
> src/Configure. It confuses.
> Suggestion: Merge Configure and config into a single configure
> script with a Autoconf style interface ;-) and remove
> Configure and config. Or even let us use GNU Autoconf
> itself. Then we can avoid a lot of those platform checks
> which are currently in Configure.
>
> o Support for Shared Libraries has to be added at least
> for the major Unix platforms. The details we can rip from the stuff
> Ralf has done for the Apache src/Configure script. Ben wants the
> solution to be really simple.
>
> Status: Ralf will look how we can easily incorporate the
> compiler PIC and linker DSO flags from Apache
> into the OpenSSL Configure script.
>
> Ulf: +1 for using GNU autoconf and libtool (but not automake,
> which apparently is not flexible enough to generate
> libcrypto)
>
>
> o The perl/ stuff needs a major overhaul. Currently it's
> totally obsolete. Either we clean it up and enhance it to be up-to-date
> with the C code or we also could replace it with the really nice
> Net::SSLeay package we can find under
> http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a
> longer time and it works fine and is a nice Perl module. Best would be
> to convince the author to work for the OpenSSL project and create a
> Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
> us.
>
> Status: Ralf thinks we should both contact the author of Net::SSLeay
> and look how much effort it is to bring Eric's perl/ stuff up
> to date.
> Paul +1
>
> WISHES
>
> o
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
