X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=STATUS;h=7853d9ff50ed3b17f34512c22b2bbdfab7b38505;hp=575f5f5638332ac3d950ef95580a596d6d57b848;hb=611ba3f4a1e2e7c418c102e286faacffef7783ec;hpb=f2c46006e7f2097b113fedc376f711ac14ee02f7 diff --git a/STATUS b/STATUS index 575f5f5638..7853d9ff50 100644 --- a/STATUS +++ b/STATUS @@ -1,11 +1,13 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2001/01/12 14:06:26 $ + ______________ $Date: 2002/03/11 09:36:04 $ DEVELOPMENT STATE o OpenSSL 0.9.7: Under development... - o OpenSSL 0.9.6a: Bugfix release -- under development... + o OpenSSL 0.9.6c: Released on December 21st, 2001 + o OpenSSL 0.9.6b: Released on July 9th, 2001 + o OpenSSL 0.9.6a: Released on April 5th, 2001 o OpenSSL 0.9.6: Released on September 24th, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 @@ -17,11 +19,25 @@ RELEASE SHOWSTOPPERS - o + o BIGNUM library failures on 64-bit platforms (0.9.7-dev): + - BN_mod_mul verificiation (bc) fails for solaris64-sparcv9-cc + and other 64-bit platforms + + Checked on Result + alpha-cc (Tru64 version 4.0) works + linux-alpha+bwx-gcc doesn't work. Reported by + Sean O'Riordain + OpenBSD-sparc64 doesn't work. BN_mod_mul breaks. + + Needs checked on + [add platforms here] + + - BN_mod_mul verification fails for mips3-sgi-irix + unless configured with no-asm AVAILABLE PATCHES - o + o IN PROGRESS @@ -36,31 +52,26 @@ o Geoff and Richard are currently working on: ENGINE (the new code that gives hardware support among others). o Richard is currently working on: + UI (User Interface) UTIL (a new set of library functions to support some higher level functionality that is currently missing). Shared library support for VMS. - OCSP Kerberos 5 authentication Constification + OCSP NEEDS PATCH - o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file + o An (optional) countermeasure against the predictable-IV CBC + weakness in SSL/TLS should be added; see + http://www.openssl.org/~bodo/tls-cbc.txt - o #include in exported header files is illegal since - e_os.h is suitable only for library-internal use + o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file - o Whenever strncpy is used, make sure the resulting string is NULL-terminated - or an error is reported + o "OpenSSL STATUS" is never up-to-date. OPEN ISSUES - o crypto/ex_data.c is not really thread-safe and so must be used - with care (e.g., extra locking where necessary, or don't call - CRYPTO_get_ex_new_index once multiple threads exist). - The current API is not suitable for everything that it pretends - to offer. - o The Makefile hierarchy and build mechanism is still not a round thing: 1. The config vs. Configure scripts @@ -85,22 +96,20 @@ which apparently is not flexible enough to generate libcrypto) + WISHES - o The perl/ stuff needs a major overhaul. Currently it's - totally obsolete. Either we clean it up and enhance it to be up-to-date - with the C code or we also could replace it with the really nice - Net::SSLeay package we can find under - http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a - longer time and it works fine and is a nice Perl module. Best would be - to convince the author to work for the OpenSSL project and create a - Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for - us. + o Add variants of DH_generate_parameters() and BN_generate_prime() [etc?] + where the callback function can request that the function be aborted. + [Gregory Stark , ] - Status: Ralf thinks we should both contact the author of Net::SSLeay - and look how much effort it is to bring Eric's perl/ stuff up - to date. - Paul +1 + o SRP in TLS. + [wished by: + Dj , Tom Wu , + Tom Holroyd ] - WISHES + See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt + as well as http://www-cs-students.stanford.edu/~tjw/srp/. - o + Tom Holroyd tells us there is a SRP patch for OpenSSH at + http://members.tripod.com/professor_tom/archives/, that could + be useful.