Loading STATUS +18 −14 Original line number Diff line number Diff line OpenSSL STATUS Last modified at ______________ $Date: 1999/01/30 12:06:16 $ ______________ $Date: 1999/01/30 17:34:59 $ DEVELOPMENT STATE Loading @@ -13,6 +13,14 @@ IN PROGRESS o Steve is currently working on: X509 V3 extension code including: 1. Support for the more common PKIX extensions. 2. Proper (or at least usable) certificate chain verification. 3. Support in standard applications (req, x509, ca). 4. Documentation on how all the above works. Next on the list is probably PKCS#12 integration. NEEDS PATCH OPEN ISSUES Loading Loading 
@@ -75,19 +83,15 @@ to date. Paul +1 o Ralf has ported Stephen's pkcs12 program to OpenSSL (the ASN.1 stuff Eric recently changed :-( ), but needs some help from Stephen at two source locations. Stephen itself also has ported his internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't incorporate it into OpenSSL because it needs more cleanups. Ralf still thinks pkcs12 should be incorporated better now than later because it's nasty to not have it in the core - one always has to install it manually and a lot of people use it. So, should we incorporate it? BTW, we have to be carefully because of the pkcs12 license: There are some things which don't match the OpenSSL license, so Stephen has to change it for us when we want to incorporate the code. Status: Ralf +1, Stephen -0 o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER structure for each cipher. This may make sense for things like DES but for variable length ciphers like RC2 and RC4 it is NBG. Need a way to use the EVP interface and set up the cipher parameters. The ASN1 stuff is also foo wrt ciphers whose AlgorithmIdentifier has more than just an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open don't work unless the key length matches the fixed value (some vendors use a key length decided by the size of the RSA encrypted key and expect RC2 to adapt). WISHES Loading ssl/ssl.h +15 −8 Original line number Diff line number Diff line Loading @@ -745,14 +745,6 @@ struct ssl_st #define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) Loading Loading 
@@ -970,6 +962,14 @@ int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), int SSL_get_ex_data_X509_STORE_CTX_idx(void ); /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); #else BIO_METHOD *BIO_f_ssl(); Loading Loading @@ -1179,6 +1179,13 @@ int SSL_CTX_get_ex_new_index(); int SSL_get_ex_data_X509_STORE_CTX_idx(); /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(); void SSL_CTX_set_tmp_dh_callback(); /* #endif */ #endif Loading util/mkdef.pl +1 −0 Original line number Diff line number Diff line Loading @@ -65,6 +65,7 @@ $crypto.=" crypto/err/err.h"; $crypto.=" crypto/pkcs7/pkcs7.h"; $crypto.=" crypto/x509/x509.h"; $crypto.=" crypto/x509/x509_vfy.h"; $crypto.=" crypto/x509v3/x509v3.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/hmac/hmac.h"; $crypto.=" crypto/comp/comp.h"; Loading Loading
STATUS +18 −14 Original line number Diff line number Diff line OpenSSL STATUS Last modified at ______________ $Date: 1999/01/30 12:06:16 $ ______________ $Date: 1999/01/30 17:34:59 $ DEVELOPMENT STATE Loading @@ -13,6 +13,14 @@ IN PROGRESS o Steve is currently working on: X509 V3 extension code including: 1. Support for the more common PKIX extensions. 2. Proper (or at least usable) certificate chain verification. 3. Support in standard applications (req, x509, ca). 4. Documentation on how all the above works. Next on the list is probably PKCS#12 integration. NEEDS PATCH OPEN ISSUES Loading Loading @@ -75,19 +83,15 @@ to date. Paul +1 o Ralf has ported Stephen's pkcs12 program to OpenSSL (the ASN.1 stuff Eric recently changed :-( ), but needs some help from Stephen at two source locations. Stephen itself also has ported his internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't incorporate it into OpenSSL because it needs more cleanups. Ralf still thinks pkcs12 should be incorporated better now than later because it's nasty to not have it in the core - one always has to install it manually and a lot of people use it. So, should we incorporate it? BTW, we have to be carefully because of the pkcs12 license: There are some things which don't match the OpenSSL license, so Stephen has to change it for us when we want to incorporate the code. Status: Ralf +1, Stephen -0 o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER structure for each cipher. This may make sense for things like DES but for variable length ciphers like RC2 and RC4 it is NBG. Need a way to use the EVP interface and set up the cipher parameters. The ASN1 stuff is also foo wrt ciphers whose AlgorithmIdentifier has more than just an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open don't work unless the key length matches the fixed value (some vendors use a key length decided by the size of the RSA encrypted key and expect RC2 to adapt). WISHES Loading
ssl/ssl.h +15 −8 Original line number Diff line number Diff line Loading @@ -745,14 +745,6 @@ struct ssl_st #define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) Loading Loading @@ -970,6 +962,14 @@ int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), int SSL_get_ex_data_X509_STORE_CTX_idx(void ); /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); #else BIO_METHOD *BIO_f_ssl(); Loading Loading @@ -1179,6 +1179,13 @@ int SSL_CTX_get_ex_new_index(); int SSL_get_ex_data_X509_STORE_CTX_idx(); /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(); void SSL_CTX_set_tmp_dh_callback(); /* #endif */ #endif Loading
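Review bot: The relocated ANSI prototypes in the second ssl/ssl.h hunk (`@@ -970,6 +962,14 @@`) still name the callback's second parameter `export`, which is a reserved word in C++, so a C++ translation unit that includes this header is likely to fail on these two declarations. Renaming it in both the comment and the prototypes avoids that, e.g. `RSA *(*cb)(SSL *ssl,int is_export)`. The two declarations also name the function-pointer parameter differently (`cb` for RSA, `dh` for DH); `cb` in both would be consistent. The comment above them gives only the callback signatures: since these callbacks hand back temporary key material, it should also say what the `export` flag signals, what a NULL return means to the library, and whether the caller or the library owns the returned RSA/DH. The conditional prototype blocks these hunks sit in begin and end outside the lines shown.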
util/mkdef.pl +1 −0 Original line number Diff line number Diff line Loading @@ -65,6 +65,7 @@ $crypto.=" crypto/err/err.h"; $crypto.=" crypto/pkcs7/pkcs7.h"; $crypto.=" crypto/x509/x509.h"; $crypto.=" crypto/x509/x509_vfy.h"; $crypto.=" crypto/x509v3/x509v3.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/hmac/hmac.h"; $crypto.=" crypto/comp/comp.h"; Loading