2 OpenSSL STATUS Last modified at
3 ______________ $Date: 1999/01/02 16:28:51 $
7 o OpenSSL 0.9.2: Under development.
8 o OpenSSL 0.9.1c: Released on December 23th, 1998
16 o Ben is folding in his patches
22 o The Makefile hierarchy and build mechanism is still not a round thing:
24 1. The config vs. Configure scripts
25 It's the same nasty situation as for Apache with APACI vs.
26 src/Configure. It confuses.
27 Suggestion: Merge Configure and config into a single configure
28 script with a Autoconf style interface ;-) and remove
29 Configure and config. Or even let us use GNU Autoconf
30 itself. Then we can avoid a lot of those platform checks
31 which are currently in Configure.
33 2. The massive symlinking of Makefile.ssl -> Makefile:
34 First the `make -f Makefile.ssl links' command is nasty, second the
35 whole process is slow and third it seems to be done without real
36 need. And forth, the dependecies are currently missing. And fifth,
37 it's complicated to always go to the top-level in order to get the
38 local variables overriden.
39 Suggestion: Rename Makefile.ssl to Makefile.in, add
40 dependencies to Makefile.in and change the build process
41 to _generate_ Makefile out of Makefile.in by
42 substituting variables like CC, etc. This solves the
45 3. The xxx.org -> xxx.h generation:
46 It's not obvious for which file xxx.org is the source.
47 Suggestion: Rename xxx.org to xxx.h.in (Autoconf style), this way
48 one sees that xxx.h.in is the input for xxx.h
50 o The installation under "make install" produces a very
51 installation layout: $prefix/certs and $prefix/private dirs. That's
52 not nice. Ralf suggests to move the two certs and private dirs either
53 to $prefix/etc/, $prefix/lib/ or $prefix/share. Alternatively
54 we could also not install the certs at all.
56 Status: Ralf +1 for both not installing the certs at all and
57 moving it to $prefix/etc/. +0 for $prefix/lib/
59 Paul: why is it not nice?
60 Ralf: because it messes up the install dir when
61 $prefix is not a dedicated area like /usr/local/ssl.
62 When we move them to a standard subdir like
63 etc/ lib/ or share/ we don't mess up things
64 when $prefix is /usr or /usr/local, etc.
65 Additionally it makes package vendors life
68 o Support for Shared Libraries has to be added at least
69 for the major Unix platforms. The details we can rip from the stuff
70 Ralf has done for the Apache src/Configure script. Ben wants the
71 solution to be really simple.
73 Status: Ralf will look how we can easily incorporate the
74 compiler PIC and linker DSO flags from Apache
75 into the OpenSSL Configure script.
77 o The perl/ stuff needs a major overhaul. Currently it's
78 totally obsolete. Either we clean it up and enhance it to be up-to-date
79 with the C code or we also could replace it with the really nice
80 Net::SSLeay package we can find under
81 http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a
82 longer time and it works fine and is a nice Perl module. Best would be
83 to convince the author to work for the OpenSSL project and create a
84 Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
87 Status: Ralf thinks we should both contact the author of Net::SSLeay
88 and look how much effort it is to bring Eric's perl/ stuff up
92 o Ralf has ported Stephen's pkcs12 program to OpenSSL (the
93 ASN.1 stuff Eric recently changed :-( ), but needs some help from
94 Stephen at two source locations. Stephen itself also has ported his
95 internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't
96 incorporate it into OpenSSL because it needs more cleanups. Ralf still
97 thinks pkcs12 should be incorporated better now than later because it's
98 nasty to not have it in the core - one always has to install it
99 manually and a lot of people use it. So, should we incorporate it?
100 BTW, we have to be carefully because of the pkcs12 license: There are
101 some things which don't match the OpenSSL license, so Stephen has to
102 change it for us when we want to incorporate the code.
104 Status: Ralf +1, Stephen -0