2 OpenSSL STATUS Last modified at
3 ______________ $Date: 1999/01/01 15:58:14 $
7 o OpenSSL 0.9.2: Under development.
8 o OpenSSL 0.9.1c: Released on December 23th, 1998
16 o Ben is folding in his patches
22 o The apps/ dir should be cleaned up.
23 Ralf proposes the following cleanup:
24 1. We rename the ssleay program to openssl.
25 => This way it's consistent with out project and
26 with the already started openssl(1) manpage, etc.
27 2. We no longer create such a lot of <command> links for
28 "openssl <command>". Instead we follow the "cvs" interface idea
29 where all <command>s are called as "cvs <command>".
30 => This no longer messes up the install dir with
31 symlinks and provides a single-one and consistent command line
32 interface. Additionally we can document it nicely with the single
33 already started openssl(1) manual page.
36 o The installation under "make install" produces a very
37 installation layout: $prefix/certs and $prefix/private dirs. That's
38 not nice. Ralf suggests to move the two certs and private dirs either
39 to $prefix/etc/, $prefix/lib/ or $prefix/share. Alternatively
40 we could also not install the certs at all.
42 Status: Ralf +1 for both not installing the certs at all and
43 moving it to $prefix/etc/. +0 for $prefix/lib/
45 Paul: why is it not nice?
46 Ralf: because it messes up the install dir when
47 $prefix is not a dedicated area like /usr/local/ssl.
48 When we move them to a standard subdir like
49 etc/ lib/ or share/ we don't mess up things
50 when $prefix is /usr or /usr/local, etc.
51 Additionally it makes package vendors life
54 o Support for Shared Libraries has to be added at least
55 for the major Unix platforms. The details we can rip from the stuff
56 Ralf has done for the Apache src/Configure script. Ben wants the
57 solution to be really simple.
59 Status: Ralf will look how we can easily incorporate the
60 compiler PIC and linker DSO flags from Apache
61 into the OpenSSL Configure script.
63 o The perl/ stuff needs a major overhaul. Currently it's
64 totally obsolete. Either we clean it up and enhance it to be up-to-date
65 with the C code or we also could replace it with the really nice
66 Net::SSLeay package we can find under
67 http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a
68 longer time and it works fine and is a nice Perl module. Best would be
69 to convince the author to work for the OpenSSL project and create a
70 Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
73 Status: Ralf thinks we should both contact the author of Net::SSLeay
74 and look how much effort it is to bring Eric's perl/ stuff up
78 o Ralf has ported Stephen's pkcs12 program to OpenSSL (the
79 ASN.1 stuff Eric recently changed :-( ), but needs some help from
80 Stephen at two source locations. Stephen itself also has ported his
81 internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't
82 incorporate it into OpenSSL because it needs more cleanups. Ralf still
83 thinks pkcs12 should be incorporated better now than later because it's
84 nasty to not have it in the core - one always has to install it
85 manually and a lot of people use it. So, should we incorporate it?
86 BTW, we have to be carefully because of the pkcs12 license: There are
87 some things which don't match the OpenSSL license, so Stephen has to
88 change it for us when we want to incorporate the code.
90 Status: Ralf +1, Stephen -0
projects / openssl.git / blob