STATUS

  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 2001/01/10 16:37:35 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.7:  Under development...
    o  OpenSSL 0.9.6a: Bugfix release -- under development...
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
    o  OpenSSL 0.9.4:  Released on August    09th, 1999
    o  OpenSSL 0.9.3a: Released on May       29th, 1999
    o  OpenSSL 0.9.3:  Released on May       25th, 1999
    o  OpenSSL 0.9.2b: Released on March     22th, 1999
    o  OpenSSL 0.9.1c: Released on December  23th, 1998

  RELEASE SHOWSTOPPERS

    o

  AVAILABLE PATCHES

    o CA.pl patch (Damien Miller)

  IN PROGRESS

    o Steve is currently working on (in no particular order):
        ASN1 code redesign, butchery, replacement.
        OCSP
        EVP cipher enhancement.
        Enhanced certificate chain verification.
	Private key, certificate and CRL API and implementation.
	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
    o Geoff and Richard are currently working on:
	ENGINE (the new code that gives hardware support among others).
    o Richard is currently working on:
	UTIL (a new set of library functions to support some higher level
	      functionality that is currently missing).
	Shared library support for VMS.
	OCSP
	Kerberos 5 authentication
	Constification

  NEEDS PATCH

    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file

    o  #include <openssl/e_os.h> in exported header files is illegal since
       e_os.h is suitable only for library-internal use

    o  crypto/ex_data.c is not really thread-safe and so must be used
       with care (e.g., extra locking where necessary, or don't call
       CRYPTO_get_ex_new_index once multiple threads exist).
       The current API is not suitable for everything that it pretends
       to offer.

  OPEN ISSUES

    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
          It's the same nasty situation as for Apache with APACI vs.
          src/Configure. It confuses.
          Suggestion: Merge Configure and config into a single configure
                      script with a Autoconf style interface ;-) and remove
                      Configure and config. Or even let us use GNU Autoconf
                      itself. Then we can avoid a lot of those platform checks
                      which are currently in Configure.

    o  Support for Shared Libraries has to be added at least
       for the major Unix platforms. The details we can rip from the stuff
       Ralf has done for the Apache src/Configure script. Ben wants the
       solution to be really simple.

       Status: Ralf will look how we can easily incorporate the
               compiler PIC and linker DSO flags from Apache
               into the OpenSSL Configure script.

               Ulf: +1 for using GNU autoconf and libtool (but not automake,
                    which apparently is not flexible enough to generate
                    libcrypto)


    o  The perl/ stuff needs a major overhaul. Currently it's
       totally obsolete. Either we clean it up and enhance it to be up-to-date
       with the C code or we also could replace it with the really nice
       Net::SSLeay package we can find under
       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
       longer time and it works fine and is a nice Perl module. Best would be
       to convince the author to work for the OpenSSL project and create a
       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
       us.

       Status: Ralf thinks we should both contact the author of Net::SSLeay
               and look how much effort it is to bring Eric's perl/ stuff up
               to date.
               Paul +1

  WISHES

    o