openssl/STATUS


  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 2002/11/21 22:39:16 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.7:  Under development...
    o  OpenSSL 0.9.6g: Released on August     9th, 2002
    o  OpenSSL 0.9.6f: Released on August     8th, 2002
    o  OpenSSL 0.9.6e: Released on July      30th, 2002
    o  OpenSSL 0.9.6d: Released on May        9th, 2002
    o  OpenSSL 0.9.6c: Released on December  21st, 2001
    o  OpenSSL 0.9.6b: Released on July       9th, 2001
    o  OpenSSL 0.9.6a: Released on April      5th, 2001
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
    o  OpenSSL 0.9.4:  Released on August    09th, 1999
    o  OpenSSL 0.9.3a: Released on May       29th, 1999
    o  OpenSSL 0.9.3:  Released on May       25th, 1999
    o  OpenSSL 0.9.2b: Released on March     22th, 1999
    o  OpenSSL 0.9.1c: Released on December  23th, 1998

  RELEASE SHOWSTOPPERS

    o [2002-11-21]
      PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may
      be optimized away in modern compilers.  This is definitely not good
      and needs to be fixed immediately.  The formula to use is presented
      in:

      http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0

      The problem report that mentions this is:

      https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343

  AVAILABLE PATCHES

    o 

  IN PROGRESS

    o Steve is currently working on (in no particular order):
        ASN1 code redesign, butchery, replacement.
        OCSP
        EVP cipher enhancement.
        Enhanced certificate chain verification.
	Private key, certificate and CRL API and implementation.
	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
    o Geoff and Richard are currently working on:
	ENGINE (the new code that gives hardware support among others).
    o Richard is currently working on:
	UI (User Interface)
	UTIL (a new set of library functions to support some higher level
	      functionality that is currently missing).
	Shared library support for VMS.
	Kerberos 5 authentication
	Constification
	OCSP

  NEEDS PATCH

    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file

    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
       or an error is reported

    o  "OpenSSL STATUS" is never up-to-date.

  OPEN ISSUES

    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
          It's the same nasty situation as for Apache with APACI vs.
          src/Configure. It confuses.
          Suggestion: Merge Configure and config into a single configure
                      script with a Autoconf style interface ;-) and remove
                      Configure and config. Or even let us use GNU Autoconf
                      itself. Then we can avoid a lot of those platform checks
                      which are currently in Configure.

    o  Support for Shared Libraries has to be added at least
       for the major Unix platforms. The details we can rip from the stuff
       Ralf has done for the Apache src/Configure script. Ben wants the
       solution to be really simple.

       Status: Ralf will look how we can easily incorporate the
               compiler PIC and linker DSO flags from Apache
               into the OpenSSL Configure script.

               Ulf: +1 for using GNU autoconf and libtool (but not automake,
                    which apparently is not flexible enough to generate
                    libcrypto)


    o  The perl/ stuff needs a major overhaul. Currently it's
       totally obsolete. Either we clean it up and enhance it to be up-to-date
       with the C code or we also could replace it with the really nice
       Net::SSLeay package we can find under
       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
       longer time and it works fine and is a nice Perl module. Best would be
       to convince the author to work for the OpenSSL project and create a
       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
       us.

       Status: Ralf thinks we should both contact the author of Net::SSLeay
               and look how much effort it is to bring Eric's perl/ stuff up
               to date.
               Paul +1

  WISHES

    o  SRP in TLS.
       [wished by:
        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
        Tom Holroyd <tomh@po.crl.go.jp>]

       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
       as well as http://www-cs-students.stanford.edu/~tjw/srp/.

       Tom Holroyd tells us there is a SRP patch for OpenSSH at
       http://members.tripod.com/professor_tom/archives/, that could
       be useful.
Create a STATUS file to coordinate us. Feel free to edit 1998-12-30 09:08:05 +00:00
			`OpenSSL STATUS Last modified at`
Mention a current showstopper 2002-11-21 22:39:16 +00:00			`______________ $Date: 2002/11/21 22:39:16 $`
Create a STATUS file to coordinate us. Feel free to edit 1998-12-30 09:08:05 +00:00
			`DEVELOPMENT STATE`

update from main branch 2001-09-11 12:26:35 +00:00			`o OpenSSL 0.9.7: Under development...`
Time to release 0.9.6g. The tag will be OpenSSL_0_9_6g. 2002-08-09 11:37:15 +00:00			`o OpenSSL 0.9.6g: Released on August 9th, 2002`
Time to release version 0.9.6f. The tag will be OpenSSL_0_9_6f. 2002-08-08 20:51:52 +00:00			`o OpenSSL 0.9.6f: Released on August 8th, 2002`
Release 0.9.6e. Submitted by: Reviewed by: PR: 2002-07-30 10:34:35 +00:00			`o OpenSSL 0.9.6e: Released on July 30th, 2002`
Updating status for 0.9.6d 2002-05-09 23:53:01 +00:00			`o OpenSSL 0.9.6d: Released on May 9th, 2002`
Status update 2001-12-21 03:23:20 +00:00			`o OpenSSL 0.9.6c: Released on December 21st, 2001`
update from main branch 2001-09-11 12:26:35 +00:00			`o OpenSSL 0.9.6b: Released on July 9th, 2001`
Forgot to update the STATUS file. This will be part of 0.9.6a 2001-04-05 17:42:00 +00:00			`o OpenSSL 0.9.6a: Released on April 5th, 2001`
Forgot to change the STATUS file... 2000-09-24 15:42:34 +00:00			`o OpenSSL 0.9.6: Released on September 24th, 2000`
			`o OpenSSL 0.9.5a: Released on April 1st, 2000`
			`o OpenSSL 0.9.5: Released on February 28th, 2000`
			`o OpenSSL 0.9.4: Released on August 09th, 1999`
			`o OpenSSL 0.9.3a: Released on May 29th, 1999`
			`o OpenSSL 0.9.3: Released on May 25th, 1999`
			`o OpenSSL 0.9.2b: Released on March 22th, 1999`
			`o OpenSSL 0.9.1c: Released on December 23th, 1998`
Create a STATUS file to coordinate us. Feel free to edit 1998-12-30 09:08:05 +00:00
			`RELEASE SHOWSTOPPERS`

Mention a current showstopper 2002-11-21 22:39:16 +00:00			`o [2002-11-21]`
			`PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may`
			`be optimized away in modern compilers. This is definitely not good`
			`and needs to be fixed immediately. The formula to use is presented`
			`in:`

			`http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0`

			`The problem report that mentions this is:`

			`https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343`

Create a STATUS file to coordinate us. Feel free to edit 1998-12-30 09:08:05 +00:00			`AVAILABLE PATCHES`

remove obsolete entry 2001-11-14 21:21:04 +00:00			`o`
update from main branch 2001-09-11 12:26:35 +00:00
Create a STATUS file to coordinate us. Feel free to edit 1998-12-30 09:08:05 +00:00			`IN PROGRESS`

Various PKCS#12 related tidies and fixes: it might even compile now :-) 1999-03-29 00:19:55 +00:00			`o Steve is currently working on (in no particular order):`
Update STATUS. 2000-07-02 21:11:11 +00:00			`ASN1 code redesign, butchery, replacement.`
Harmonize CHANGES and STATUS files between the 0.9.6a branch and the trunk to keep diffs small. 2001-03-22 10:59:18 +00:00			`OCSP`
Beginnings of EVP cipher overhaul. This should eventually enhance and tidy up the EVP interface. This patch adds initial support for variable length ciphers and changes S/MIME code to use this. Some other library functions need modifying to support use of modified cipher parameters. Also need to change all the cipher functions that should return error codes, but currenly don't. And of course it needs extensive testing... 2000-05-26 23:51:35 +00:00			`EVP cipher enhancement.`
Harmonize CHANGES and STATUS files between the 0.9.6a branch and the trunk to keep diffs small. 2001-03-22 10:59:18 +00:00			`Enhanced certificate chain verification.`
Add initial support for r2i RAW extensions which can access the config database add various X509V3_CTX helper functions and support for LHASH as the config database. 1999-04-16 23:57:04 +00:00			`Private key, certificate and CRL API and implementation.`
Merge in my S/MIME library and utility. 1999-12-05 00:40:59 +00:00			`Developing and bugfixing PKCS#7 (S/MIME code).`
Support for parsing of certificate extensions in PKCS#10 requests: these are used by things like Xenroll. Also include documentation for extendedKeyUsage extension. 1999-08-09 22:38:05 +00:00			`Various X509 issues: character sets, certificate request extensions.`
Add info on what some other people are currently working on. 2000-06-14 17:27:02 +00:00			`o Geoff and Richard are currently working on:`
			`ENGINE (the new code that gives hardware support among others).`
			`o Richard is currently working on:`
update from main branch 2001-09-11 12:26:35 +00:00			`UI (User Interface)`
Add info on what some other people are currently working on. 2000-06-14 17:27:02 +00:00			`UTIL (a new set of library functions to support some higher level`
			`functionality that is currently missing).`
Another thing I'm working on. 2000-09-07 08:14:46 +00:00			`Shared library support for VMS.`
Harmonize CHANGES and STATUS files between the 0.9.6a branch and the trunk to keep diffs small. 2001-03-22 10:59:18 +00:00			`Kerberos 5 authentication`
			`Constification`
update from main branch 2001-09-11 12:26:35 +00:00			`OCSP`
Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and add x509v3.h to mkdef.pl list of include files. 1999-01-30 17:35:01 +00:00
Create a STATUS file to coordinate us. Feel free to edit 1998-12-30 09:08:05 +00:00			`NEEDS PATCH`

Harmonize CHANGES and STATUS files between the 0.9.6a branch and the trunk to keep diffs small. 2001-03-22 10:59:18 +00:00			`o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file`

			`o Whenever strncpy is used, make sure the resulting string is NULL-terminated`
			`or an error is reported`
Bugs. 1999-04-08 20:45:53 +00:00
update from main branch 2001-09-11 12:26:35 +00:00			`o "OpenSSL STATUS" is never up-to-date.`
Create a STATUS file to coordinate us. Feel free to edit 1998-12-30 09:08:05 +00:00
update from main branch 2001-09-11 12:26:35 +00:00			`OPEN ISSUES`
I don't think this is a real showstopper. Our internal verify procedure lacks even more and I consider this more a useful feature request than a release showstopper. 1999-08-08 10:19:48 +00:00
A few train of thoughts about the build procedure mess 1999-01-02 16:28:51 +00:00			`o The Makefile hierarchy and build mechanism is still not a round thing:`

			`1. The config vs. Configure scripts`
			`It's the same nasty situation as for Apache with APACI vs.`
			`src/Configure. It confuses.`
			`Suggestion: Merge Configure and config into a single configure`
			`script with a Autoconf style interface ;-) and remove`
			`Configure and config. Or even let us use GNU Autoconf`
			`itself. Then we can avoid a lot of those platform checks`
			`which are currently in Configure.`

Some issues for voting 1998-12-31 12:14:27 +00:00			`o Support for Shared Libraries has to be added at least`
			`for the major Unix platforms. The details we can rip from the stuff`
			`Ralf has done for the Apache src/Configure script. Ben wants the`
			`solution to be really simple.`

			`Status: Ralf will look how we can easily incorporate the`
			`compiler PIC and linker DSO flags from Apache`
			`into the OpenSSL Configure script.`

More patches. (Are there any others that have been submitted but not yet reviewed/integrated?) 1999-09-21 17:19:05 +00:00			`Ulf: +1 for using GNU autoconf and libtool (but not automake,`
			`which apparently is not flexible enough to generate`
			`libcrypto)`


Some issues for voting 1998-12-31 12:14:27 +00:00			`o The perl/ stuff needs a major overhaul. Currently it's`
			`totally obsolete. Either we clean it up and enhance it to be up-to-date`
			`with the C code or we also could replace it with the really nice`
			`Net::SSLeay package we can find under`
			`http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a`
			`longer time and it works fine and is a nice Perl module. Best would be`
			`to convince the author to work for the OpenSSL project and create a`
			`Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for`
			`us.`

			`Status: Ralf thinks we should both contact the author of Net::SSLeay`
			`and look how much effort it is to bring Eric's perl/ stuff up`
			`to date.`
Add votes 1999-01-01 14:13:59 +00:00			`Paul +1`
Some issues for voting 1998-12-31 12:14:27 +00:00
Start keeping track of wishes people make on our mailing lists to make sure we don't forget them and this way we have them bundled together. 1999-01-21 13:01:20 +00:00			`WISHES`

update from main branch 2001-09-11 12:26:35 +00:00			`o SRP in TLS.`
			`[wished by:`
			`Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,`
			`Tom Holroyd <tomh@po.crl.go.jp>]`

			`See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt`
			`as well as http://www-cs-students.stanford.edu/~tjw/srp/.`

			`Tom Holroyd tells us there is a SRP patch for OpenSSH at`
			`http://members.tripod.com/professor_tom/archives/, that could`
			`be useful.`