diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 1999-01-30 17:35:01 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 1999-01-30 17:35:01 +0000 |
| commit | 679ab7c39e1c011870a2f6f6092460dbe693600f (patch) | |
| tree | 4b90ea2e8b108a0abe9d730da071bcbc426b8bfa /STATUS | |
| parent | f33fbc2e1e64a202476c29080636ee989871e7f7 (diff) | |
Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and
add x509v3.h to mkdef.pl list of include files.
Diffstat (limited to 'STATUS')
| -rw-r--r-- | STATUS | 32 |
1 files changed, 18 insertions, 14 deletions
@@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 1999/01/30 12:06:16 $ + ______________ $Date: 1999/01/30 17:34:59 $ DEVELOPMENT STATE @@ -13,6 +13,14 @@ IN PROGRESS + o Steve is currently working on: + X509 V3 extension code including: + 1. Support for the more common PKIX extensions. + 2. Proper (or at least usable) certificate chain verification. + 3. Support in standard applications (req, x509, ca). + 4. Documentation on how all the above works. + Next on the list is probably PKCS#12 integration. + NEEDS PATCH OPEN ISSUES @@ -75,19 +83,15 @@ to date. Paul +1 - o Ralf has ported Stephen's pkcs12 program to OpenSSL (the - ASN.1 stuff Eric recently changed :-( ), but needs some help from - Stephen at two source locations. Stephen itself also has ported his - internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't - incorporate it into OpenSSL because it needs more cleanups. Ralf still - thinks pkcs12 should be incorporated better now than later because it's - nasty to not have it in the core - one always has to install it - manually and a lot of people use it. So, should we incorporate it? - BTW, we have to be carefully because of the pkcs12 license: There are - some things which don't match the OpenSSL license, so Stephen has to - change it for us when we want to incorporate the code. - - Status: Ralf +1, Stephen -0 + o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER + structure for each cipher. This may make sense for things like DES but + for variable length ciphers like RC2 and RC4 it is NBG. Need a way to + use the EVP interface and set up the cipher parameters. The ASN1 stuff + is also foo wrt ciphers whose AlgorithmIdentifier has more than just + an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open + don't work unless the key length matches the fixed value (some vendors + use a key length decided by the size of the RSA encrypted key and expect + RC2 to adapt). WISHES |