openssl/STATUS

  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 2005/06/14 05:42:56 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.9:  Under development...
    o  OpenSSL 0.9.8-beta5:  Released on June 13th, 2005
       OpenVMS/Alpha 7.3-2 w. Compaq C 6.4-005			SUCCESS
       Cygwin (1.5.17 and current CVS)				SUCCESS
       linux-elf (SuSE 9.3)					SUCCESS
       linux-? (Gentoo/armel)					SUCCESS
       linux-? (Gentoo/armeb)					FAILURE
		(Tester comment: Gentoo/armeb failed the x509 certificate test
		 ('test_ss') due to lack of enough random data, but i'm pretty
		 sure that's a system issue and unrelated to openssl ;))
       linux-x86_64 (Linux AMD64)				SUCCESS
    o  OpenSSL 0.9.8-beta4:  Released on June 6th, 2005
    o  OpenSSL 0.9.8-beta3:  Released on May 31th, 2005
    o  OpenSSL 0.9.8-beta2:  Released on May 24th, 2005
    o  OpenSSL 0.9.8-beta1:  Released on May 19th, 2005
    o  OpenSSL 0.9.7g: Released on April     11th, 2005
    o  OpenSSL 0.9.7f: Released on March     22nd, 2005
    o  OpenSSL 0.9.7e: Released on October   25th, 2004
    o  OpenSSL 0.9.7d: Released on March     17th, 2004
    o  OpenSSL 0.9.7c: Released on September 30th, 2003
    o  OpenSSL 0.9.7b: Released on April     10th, 2003
    o  OpenSSL 0.9.7a: Released on February  19th, 2003
    o  OpenSSL 0.9.7:  Released on December  31st, 2002
    o  OpenSSL 0.9.6m: Released on March     17th, 2004
    o  OpenSSL 0.9.6l: Released on November   4th, 2003
    o  OpenSSL 0.9.6k: Released on September 30th, 2003
    o  OpenSSL 0.9.6j: Released on April     10th, 2003
    o  OpenSSL 0.9.6i: Released on February  19th, 2003
    o  OpenSSL 0.9.6h: Released on December   5th, 2002
    o  OpenSSL 0.9.6g: Released on August     9th, 2002
    o  OpenSSL 0.9.6f: Released on August     8th, 2002
    o  OpenSSL 0.9.6e: Released on July      30th, 2002
    o  OpenSSL 0.9.6d: Released on May        9th, 2002
    o  OpenSSL 0.9.6c: Released on December  21st, 2001
    o  OpenSSL 0.9.6b: Released on July       9th, 2001
    o  OpenSSL 0.9.6a: Released on April      5th, 2001
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
    o  OpenSSL 0.9.4:  Released on August    09th, 1999
    o  OpenSSL 0.9.3a: Released on May       29th, 1999
    o  OpenSSL 0.9.3:  Released on May       25th, 1999
    o  OpenSSL 0.9.2b: Released on March     22th, 1999
    o  OpenSSL 0.9.1c: Released on December  23th, 1998

  [See also http://www.openssl.org/support/rt2.html]

  RELEASE SHOWSTOPPERS

    o 

  AVAILABLE PATCHES

    o 

  IN PROGRESS

    o Steve is currently working on (in no particular order):
        ASN1 code redesign, butchery, replacement.
        OCSP
        EVP cipher enhancement.
        Enhanced certificate chain verification.
	Private key, certificate and CRL API and implementation.
	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
    o Richard is currently working on:
	Constification
	Attribute Certificate support
	Certificate Pair support
	Storage Engines (primarly an LDAP storage engine)
	Certificate chain validation with full RFC 3280 compatibility

  NEEDS PATCH

    o  0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
       handle ECCdraft cipher suites correctly.

    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file

    o  "OpenSSL STATUS" is never up-to-date.

  OPEN ISSUES

    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
          It's the same nasty situation as for Apache with APACI vs.
          src/Configure. It confuses.
          Suggestion: Merge Configure and config into a single configure
                      script with a Autoconf style interface ;-) and remove
                      Configure and config. Or even let us use GNU Autoconf
                      itself. Then we can avoid a lot of those platform checks
                      which are currently in Configure.

    o  Support for Shared Libraries has to be added at least
       for the major Unix platforms. The details we can rip from the stuff
       Ralf has done for the Apache src/Configure script. Ben wants the
       solution to be really simple.

       Status: Ralf will look how we can easily incorporate the
               compiler PIC and linker DSO flags from Apache
               into the OpenSSL Configure script.

               Ulf: +1 for using GNU autoconf and libtool (but not automake,
                    which apparently is not flexible enough to generate
                    libcrypto)

  WISHES

    o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
       where the callback function can request that the function be aborted.
       [Gregory Stark <ghstark@pobox.com>, <rayyang2000@yahoo.com>]

    o  SRP in TLS.
       [wished by:
        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
        Tom Holroyd <tomh@po.crl.go.jp>]

       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
       as well as http://www-cs-students.stanford.edu/~tjw/srp/.

       Tom Holroyd tells us there is a SRP patch for OpenSSH at
       http://members.tripod.com/professor_tom/archives/, that could
       be useful.