OpenSSL STATUS Last modified at ______________ $Date: 2001/03/22 10:59:41 $ DEVELOPMENT STATE o OpenSSL 0.9.7: Under development... o OpenSSL 0.9.6a: Bugfix release -- under development... Beta 1 released on March 13th, 2001 HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine] HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine] HP-UX 11.00 32bit (hpux-parisc-gcc) - FAILED [engine] "openssl speed rsa1024 -engine cswift" fails unless libswift.sl is renamed to libswift.so. [CORRECTED] HP MPE/iX - PASSED [presumed normal] Linux 2.2.17 SMP (linux-elf) - PASSED [normal+engine] Windows (VC-WIN32) - FAILED [presumed normal] Missing line in ms/32all.bat: perl util\mkfiles.pl >MINFO [CORRECTED] In randfile.c, line 214, signed and unsigned int are mixed. [CORRECTED] In s_client.c and s_server.c, RAND_status() needs to get declared (#include ) [CORRECTED] OpenVMS (any version) - FAILED [normal+engine] Missing instructions in building script. [CORRECTED] AIX 4.3 - FAILED [engine] Needs -DDSO_DLFCN and -DHAVE_DLFCN_H to work. [CORRECTED] (but will not be automagically configured) Irix 6.5.11 - FAILED [presumed normal] BN_sqr test fails. solaris64-sparcv9-cc (SunOS 5.8) - PASSED [normal+engine] BSDI 4.0.1 (bsdi-elf-gcc) - FAILED [engine] Needs -DDSO_DLFCN, -DHAVE_DLFCN_H and -ldl to work. [CORRECTED] mingw32 w/ gcc 2.95.2 - PASSED [presumed normal] Beta 2 released on March 21st, 2001 o OpenSSL 0.9.6: Released on September 24th, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 o OpenSSL 0.9.3a: Released on May 29th, 1999 o OpenSSL 0.9.3: Released on May 25th, 1999 o OpenSSL 0.9.2b: Released on March 22th, 1999 o OpenSSL 0.9.1c: Released on December 23th, 1998 RELEASE SHOWSTOPPERS AVAILABLE PATCHES IN PROGRESS o Steve is currently working on (in no particular order): ASN1 code redesign, butchery, replacement. OCSP EVP cipher enhancement. Enhanced certificate chain verification. Private key, certificate and CRL API and implementation. Developing and bugfixing PKCS#7 (S/MIME code). Various X509 issues: character sets, certificate request extensions. o Geoff and Richard are currently working on: ENGINE (the new code that gives hardware support among others). o Richard is currently working on: UTIL (a new set of library functions to support some higher level functionality that is currently missing). Shared library support for VMS. OCSP Kerberos 5 authentication Constification NEEDS PATCH o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file o OpenSSL_0_9_6-stable: #include in exported header files is illegal since e_os.h is suitable only for library-internal use. o Whenever strncpy is used, make sure the resulting string is NULL-terminated or an error is reported OPEN ISSUES o crypto/ex_data.c is not really thread-safe and so must be used with care (e.g., extra locking where necessary, or don't call CRYPTO_get_ex_new_index once multiple threads exist). The current API is not suitable for everything that it pretends to offer. o The Makefile hierarchy and build mechanism is still not a round thing: 1. The config vs. Configure scripts It's the same nasty situation as for Apache with APACI vs. src/Configure. It confuses. Suggestion: Merge Configure and config into a single configure script with a Autoconf style interface ;-) and remove Configure and config. Or even let us use GNU Autoconf itself. Then we can avoid a lot of those platform checks which are currently in Configure. o Support for Shared Libraries has to be added at least for the major Unix platforms. The details we can rip from the stuff Ralf has done for the Apache src/Configure script. Ben wants the solution to be really simple. Status: Ralf will look how we can easily incorporate the compiler PIC and linker DSO flags from Apache into the OpenSSL Configure script. Ulf: +1 for using GNU autoconf and libtool (but not automake, which apparently is not flexible enough to generate libcrypto) o The perl/ stuff needs a major overhaul. Currently it's totally obsolete. Either we clean it up and enhance it to be up-to-date with the C code or we also could replace it with the really nice Net::SSLeay package we can find under http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a longer time and it works fine and is a nice Perl module. Best would be to convince the author to work for the OpenSSL project and create a Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for us. Status: Ralf thinks we should both contact the author of Net::SSLeay and look how much effort it is to bring Eric's perl/ stuff up to date. Paul +1 WISHES o