STATUS 5.3 KB
Newer Older
1 2

  OpenSSL STATUS                           Last modified at
3
  ______________                           $Date: 1999/01/21 13:01:20 $
4 5 6 7

  DEVELOPMENT STATE

    o  OpenSSL 0.9.2:  Under development.
R
Ralf S. Engelschall 已提交
8
    o  OpenSSL 0.9.1c: Released on December 23th, 1998
9 10 11 12 13 14 15 16 17 18 19 20 21

  RELEASE SHOWSTOPPERS

  AVAILABLE PATCHES

  IN PROGRESS

    o  Ben is folding in his patches

  NEEDS PATCH

  OPEN ISSUES

22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
          It's the same nasty situation as for Apache with APACI vs.
          src/Configure. It confuses.
          Suggestion: Merge Configure and config into a single configure
                      script with a Autoconf style interface ;-) and remove
                      Configure and config. Or even let us use GNU Autoconf
                      itself. Then we can avoid a lot of those platform checks
                      which are currently in Configure.

       2. The massive symlinking of Makefile.ssl -> Makefile:
          First the `make -f Makefile.ssl links' command is nasty, second the
          whole process is slow and third it seems to be done without real
          need. And forth, the dependecies are currently missing.  And fifth,
          it's complicated to always go to the top-level in order to get the
          local variables overriden.
          Suggestion: Rename Makefile.ssl to Makefile.in, add
                      dependencies to Makefile.in and change the build process
                      to _generate_ Makefile out of Makefile.in by
                      substituting variables like CC, etc. This solves the
                      above problems.

       3. The xxx.org -> xxx.h generation:
          It's not obvious for which file xxx.org is the source.
          Suggestion: Rename xxx.org to xxx.h.in (Autoconf style), this way
                      one sees that xxx.h.in is the input for xxx.h
49

R
Ralf S. Engelschall 已提交
50 51 52 53 54 55 56 57 58
    o  The installation under "make install" produces a very
       installation layout: $prefix/certs and $prefix/private dirs.  That's
       not nice. Ralf suggests to move the two certs and private dirs either
       to $prefix/etc/, $prefix/lib/ or $prefix/share. Alternatively
       we could also not install the certs at all.

       Status: Ralf +1 for both not installing the certs at all and
                       moving it to $prefix/etc/. +0 for $prefix/lib/
                       and $prefix/share.
P
Paul C. Sutton 已提交
59
               Paul: why is it not nice?
60 61 62 63 64 65 66
               Ralf: because it messes up the install dir when
                     $prefix is not a dedicated area like /usr/local/ssl.
                     When we move them to a standard subdir like
                     etc/ lib/ or share/ we don't mess up things
                     when $prefix is /usr or /usr/local, etc.
                     Additionally it makes package vendors life
                     easier....
R
Ralf S. Engelschall 已提交
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89

    o  Support for Shared Libraries has to be added at least
       for the major Unix platforms. The details we can rip from the stuff
       Ralf has done for the Apache src/Configure script. Ben wants the
       solution to be really simple.

       Status: Ralf will look how we can easily incorporate the
               compiler PIC and linker DSO flags from Apache
               into the OpenSSL Configure script.

    o  The perl/ stuff needs a major overhaul. Currently it's
       totally obsolete. Either we clean it up and enhance it to be up-to-date
       with the C code or we also could replace it with the really nice
       Net::SSLeay package we can find under
       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
       longer time and it works fine and is a nice Perl module. Best would be
       to convince the author to work for the OpenSSL project and create a
       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
       us.

       Status: Ralf thinks we should both contact the author of Net::SSLeay
               and look how much effort it is to bring Eric's perl/ stuff up
               to date.
P
Paul C. Sutton 已提交
90
               Paul +1
R
Ralf S. Engelschall 已提交
91 92 93 94 95 96 97 98 99

    o  Ralf has ported Stephen's pkcs12 program to OpenSSL (the 
       ASN.1 stuff Eric recently changed :-( ), but needs some help from
       Stephen at two source locations.  Stephen itself also has ported his
       internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't
       incorporate it into OpenSSL because it needs more cleanups. Ralf still
       thinks pkcs12 should be incorporated better now than later because it's
       nasty to not have it in the core - one always has to install it
       manually and a lot of people use it. So, should we incorporate it?
R
Ralf S. Engelschall 已提交
100 101 102
       BTW, we have to be carefully because of the pkcs12 license: There are
       some things which don't match the OpenSSL license, so Stephen has to
       change it for us when we want to incorporate the code.
R
Ralf S. Engelschall 已提交
103 104

       Status: Ralf +1, Stephen -0
105 106 107 108 109 110 111 112 113 114 115

  WISHES

    o  Damien Miller:
       "How about making the each of the locations compile-time defined. I
       would like to (for example) put binaries in /usr/bin, configuration
       data, certs and keys in /etc/openssl/certs and /etc/openssl/keys, etc.
       This would also be a great boon to binary package makers.  The
       SSLeay-0.9.1b RPM already includes some patches which do some of this.
       I can forward them if you wish."