diff --git a/STATUS b/STATUS index 48636fadc0d90782d0a8dab5cf477e05a9e3d10d..0a1a99428ffa28e0ee597052a3cda1d5a5b22770 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 1999/01/30 12:06:16 $ + ______________ $Date: 1999/01/30 17:34:59 $ DEVELOPMENT STATE @@ -13,6 +13,14 @@ IN PROGRESS + o Steve is currently working on: + X509 V3 extension code including: + 1. Support for the more common PKIX extensions. + 2. Proper (or at least usable) certificate chain verification. + 3. Support in standard applications (req, x509, ca). + 4. Documentation on how all the above works. + Next on the list is probably PKCS#12 integration. + NEEDS PATCH OPEN ISSUES @@ -75,19 +83,15 @@ to date. Paul +1 - o Ralf has ported Stephen's pkcs12 program to OpenSSL (the - ASN.1 stuff Eric recently changed :-( ), but needs some help from - Stephen at two source locations. Stephen itself also has ported his - internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't - incorporate it into OpenSSL because it needs more cleanups. Ralf still - thinks pkcs12 should be incorporated better now than later because it's - nasty to not have it in the core - one always has to install it - manually and a lot of people use it. So, should we incorporate it? - BTW, we have to be carefully because of the pkcs12 license: There are - some things which don't match the OpenSSL license, so Stephen has to - change it for us when we want to incorporate the code. - - Status: Ralf +1, Stephen -0 + o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER + structure for each cipher. This may make sense for things like DES but + for variable length ciphers like RC2 and RC4 it is NBG. Need a way to + use the EVP interface and set up the cipher parameters. The ASN1 stuff + is also foo wrt ciphers whose AlgorithmIdentifier has more than just + an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open + don't work unless the key length matches the fixed value (some vendors + use a key length decided by the size of the RSA encrypted key and expect + RC2 to adapt). WISHES diff --git a/ssl/ssl.h b/ssl/ssl.h index 5af3b1def6d2f7d7fb509986b49458f957213250..ed41d33cefb962b3efd174af5826dcf45e05e6f0 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -745,14 +745,6 @@ struct ssl_st #define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) -/* For the next 2, the callbacks are - * RSA *tmp_rsa_cb(SSL *ssl,int export) - * DH *tmp_dh_cb(SSL *ssl,int export) - */ -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*cb)(SSL *ssl,int export)); -void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); - #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) @@ -970,6 +962,14 @@ int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), int SSL_get_ex_data_X509_STORE_CTX_idx(void ); +/* For the next 2, the callbacks are + * RSA *tmp_rsa_cb(SSL *ssl,int export) + * DH *tmp_dh_cb(SSL *ssl,int export) + */ +void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, + RSA *(*cb)(SSL *ssl,int export)); +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); + #else BIO_METHOD *BIO_f_ssl(); @@ -1179,6 +1179,13 @@ int SSL_CTX_get_ex_new_index(); int SSL_get_ex_data_X509_STORE_CTX_idx(); +/* For the next 2, the callbacks are + * RSA *tmp_rsa_cb(SSL *ssl,int export) + * DH *tmp_dh_cb(SSL *ssl,int export) + */ +void SSL_CTX_set_tmp_rsa_callback(); +void SSL_CTX_set_tmp_dh_callback(); + /* #endif */ #endif diff --git a/util/mkdef.pl b/util/mkdef.pl index 0d66a909997bdd7e14ecd1750c57d8c17405aa3f..a62e3eef821700319dce1512fb39316c3f45fc1a 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -65,6 +65,7 @@ $crypto.=" crypto/err/err.h"; $crypto.=" crypto/pkcs7/pkcs7.h"; $crypto.=" crypto/x509/x509.h"; $crypto.=" crypto/x509/x509_vfy.h"; +$crypto.=" crypto/x509v3/x509v3.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/hmac/hmac.h"; $crypto.=" crypto/comp/comp.h";