提交 679ab7c3 编写于 作者: D Dr. Stephen Henson

Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and

add x509v3.h to mkdef.pl list of include files.
上级 f33fbc2e
OpenSSL STATUS Last modified at
______________ $Date: 1999/01/30 12:06:16 $
______________ $Date: 1999/01/30 17:34:59 $
DEVELOPMENT STATE
......@@ -13,6 +13,14 @@
IN PROGRESS
o Steve is currently working on:
X509 V3 extension code including:
1. Support for the more common PKIX extensions.
2. Proper (or at least usable) certificate chain verification.
3. Support in standard applications (req, x509, ca).
4. Documentation on how all the above works.
Next on the list is probably PKCS#12 integration.
NEEDS PATCH
OPEN ISSUES
......@@ -75,19 +83,15 @@
to date.
Paul +1
o Ralf has ported Stephen's pkcs12 program to OpenSSL (the
ASN.1 stuff Eric recently changed :-( ), but needs some help from
Stephen at two source locations. Stephen itself also has ported his
internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't
incorporate it into OpenSSL because it needs more cleanups. Ralf still
thinks pkcs12 should be incorporated better now than later because it's
nasty to not have it in the core - one always has to install it
manually and a lot of people use it. So, should we incorporate it?
BTW, we have to be carefully because of the pkcs12 license: There are
some things which don't match the OpenSSL license, so Stephen has to
change it for us when we want to incorporate the code.
Status: Ralf +1, Stephen -0
o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
structure for each cipher. This may make sense for things like DES but
for variable length ciphers like RC2 and RC4 it is NBG. Need a way to
use the EVP interface and set up the cipher parameters. The ASN1 stuff
is also foo wrt ciphers whose AlgorithmIdentifier has more than just
an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open
don't work unless the key length matches the fixed value (some vendors
use a key length decided by the size of the RSA encrypted key and expect
RC2 to adapt).
WISHES
......
......@@ -745,14 +745,6 @@ struct ssl_st
#define SSL_CTX_set_tmp_dh(ctx,dh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
/* For the next 2, the callbacks are
* RSA *tmp_rsa_cb(SSL *ssl,int export)
* DH *tmp_dh_cb(SSL *ssl,int export)
*/
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*cb)(SSL *ssl,int export));
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export));
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
......@@ -970,6 +962,14 @@ int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int SSL_get_ex_data_X509_STORE_CTX_idx(void );
/* For the next 2, the callbacks are
* RSA *tmp_rsa_cb(SSL *ssl,int export)
* DH *tmp_dh_cb(SSL *ssl,int export)
*/
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*cb)(SSL *ssl,int export));
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export));
#else
BIO_METHOD *BIO_f_ssl();
......@@ -1179,6 +1179,13 @@ int SSL_CTX_get_ex_new_index();
int SSL_get_ex_data_X509_STORE_CTX_idx();
/* For the next 2, the callbacks are
* RSA *tmp_rsa_cb(SSL *ssl,int export)
* DH *tmp_dh_cb(SSL *ssl,int export)
*/
void SSL_CTX_set_tmp_rsa_callback();
void SSL_CTX_set_tmp_dh_callback();
/* #endif */
#endif
......
......@@ -65,6 +65,7 @@ $crypto.=" crypto/err/err.h";
$crypto.=" crypto/pkcs7/pkcs7.h";
$crypto.=" crypto/x509/x509.h";
$crypto.=" crypto/x509/x509_vfy.h";
$crypto.=" crypto/x509v3/x509v3.h";
$crypto.=" crypto/rand/rand.h";
$crypto.=" crypto/hmac/hmac.h";
$crypto.=" crypto/comp/comp.h";
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册