Loading STATUS +18 −14 Original line number Original line Diff line number Diff line OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at ______________ $Date: 1999/01/30 12:06:16 $ ______________ $Date: 1999/01/30 17:34:59 $ DEVELOPMENT STATE DEVELOPMENT STATE Loading @@ -13,6 +13,14 @@ IN PROGRESS IN PROGRESS o Steve is currently working on: X509 V3 extension code including: 1. Support for the more common PKIX extensions. 2. Proper (or at least usable) certificate chain verification. 3. Support in standard applications (req, x509, ca). 4. Documentation on how all the above works. Next on the list is probably PKCS#12 integration. NEEDS PATCH NEEDS PATCH OPEN ISSUES OPEN ISSUES Loading Loading 
@@ -75,19 +83,15 @@ to date. to date. Paul +1 Paul +1 o Ralf has ported Stephen's pkcs12 program to OpenSSL (the o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER ASN.1 stuff Eric recently changed :-( ), but needs some help from structure for each cipher. This may make sense for things like DES but Stephen at two source locations. Stephen itself also has ported his for variable length ciphers like RC2 and RC4 it is NBG. Need a way to internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't use the EVP interface and set up the cipher parameters. The ASN1 stuff incorporate it into OpenSSL because it needs more cleanups. Ralf still is also foo wrt ciphers whose AlgorithmIdentifier has more than just thinks pkcs12 should be incorporated better now than later because it's an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open nasty to not have it in the core - one always has to install it don't work unless the key length matches the fixed value (some vendors manually and a lot of people use it. So, should we incorporate it? use a key length decided by the size of the RSA encrypted key and expect BTW, we have to be carefully because of the pkcs12 license: There are RC2 to adapt). some things which don't match the OpenSSL license, so Stephen has to change it for us when we want to incorporate the code. Status: Ralf +1, Stephen -0 WISHES WISHES Loading ssl/ssl.h +15 −8 Original line number Original line Diff line number Diff line Loading 
@@ -745,14 +745,6 @@ struct ssl_st #define SSL_CTX_set_tmp_dh(ctx,dh) \ #define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) Loading Loading @@ -970,6 +962,14 @@ int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), int SSL_get_ex_data_X509_STORE_CTX_idx(void ); int SSL_get_ex_data_X509_STORE_CTX_idx(void ); /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); #else #else BIO_METHOD *BIO_f_ssl(); BIO_METHOD *BIO_f_ssl(); Loading Loading @@ -1179,6 +1179,13 @@ int SSL_CTX_get_ex_new_index(); int SSL_get_ex_data_X509_STORE_CTX_idx(); int SSL_get_ex_data_X509_STORE_CTX_idx(); /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(); void SSL_CTX_set_tmp_dh_callback(); /* #endif */ /* #endif */ #endif #endif Loading util/mkdef.pl +1 −0 Original line number Original line Diff line number Diff line Loading 
@@ -65,6 +65,7 @@ $crypto.=" crypto/err/err.h"; $crypto.=" crypto/pkcs7/pkcs7.h"; $crypto.=" crypto/pkcs7/pkcs7.h"; $crypto.=" crypto/x509/x509.h"; $crypto.=" crypto/x509/x509.h"; $crypto.=" crypto/x509/x509_vfy.h"; $crypto.=" crypto/x509/x509_vfy.h"; $crypto.=" crypto/x509v3/x509v3.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/hmac/hmac.h"; $crypto.=" crypto/hmac/hmac.h"; $crypto.=" crypto/comp/comp.h"; $crypto.=" crypto/comp/comp.h"; Loading Loading
STATUS +18 −14 Original line number Original line Diff line number Diff line OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at ______________ $Date: 1999/01/30 12:06:16 $ ______________ $Date: 1999/01/30 17:34:59 $ DEVELOPMENT STATE DEVELOPMENT STATE Loading @@ -13,6 +13,14 @@ IN PROGRESS IN PROGRESS o Steve is currently working on: X509 V3 extension code including: 1. Support for the more common PKIX extensions. 2. Proper (or at least usable) certificate chain verification. 3. Support in standard applications (req, x509, ca). 4. Documentation on how all the above works. Next on the list is probably PKCS#12 integration. NEEDS PATCH NEEDS PATCH OPEN ISSUES OPEN ISSUES Loading Loading 
@@ -75,19 +83,15 @@ to date. to date. Paul +1 Paul +1 o Ralf has ported Stephen's pkcs12 program to OpenSSL (the o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER ASN.1 stuff Eric recently changed :-( ), but needs some help from structure for each cipher. This may make sense for things like DES but Stephen at two source locations. Stephen itself also has ported his for variable length ciphers like RC2 and RC4 it is NBG. Need a way to internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't use the EVP interface and set up the cipher parameters. The ASN1 stuff incorporate it into OpenSSL because it needs more cleanups. Ralf still is also foo wrt ciphers whose AlgorithmIdentifier has more than just thinks pkcs12 should be incorporated better now than later because it's an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open nasty to not have it in the core - one always has to install it don't work unless the key length matches the fixed value (some vendors manually and a lot of people use it. So, should we incorporate it? use a key length decided by the size of the RSA encrypted key and expect BTW, we have to be carefully because of the pkcs12 license: There are RC2 to adapt). some things which don't match the OpenSSL license, so Stephen has to change it for us when we want to incorporate the code. Status: Ralf +1, Stephen -0 WISHES WISHES Loading
ssl/ssl.h +15 −8 Original line number Original line Diff line number Diff line Loading @@ -745,14 +745,6 @@ struct ssl_st #define SSL_CTX_set_tmp_dh(ctx,dh) \ #define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) Loading Loading @@ -970,6 +962,14 @@ int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), int SSL_get_ex_data_X509_STORE_CTX_idx(void ); int SSL_get_ex_data_X509_STORE_CTX_idx(void ); /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); #else #else BIO_METHOD *BIO_f_ssl(); BIO_METHOD *BIO_f_ssl(); Loading Loading @@ -1179,6 +1179,13 @@ int SSL_CTX_get_ex_new_index(); int SSL_get_ex_data_X509_STORE_CTX_idx(); int SSL_get_ex_data_X509_STORE_CTX_idx(); /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ void SSL_CTX_set_tmp_rsa_callback(); void SSL_CTX_set_tmp_dh_callback(); /* #endif */ /* #endif */ #endif #endif Loading
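Review bot: The prototypes re-added in the ANSI branch (the hunk at new line 962) name the callback's second parameter `export`, which is a reserved word in C++, so a C++ translation unit that includes ssl.h will probably fail to parse them; renaming it, e.g. `RSA *(*cb)(SSL *ssl,int is_export)`, avoids that. The same two declarations call the function-pointer parameter `cb` for RSA but `dh` for DH; using `cb` in both is more consistent, e.g. `void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(SSL *ssl,int is_export));`. The comment repeated in both branches lists only the callback signatures; because these callbacks supply the temporary RSA/DH keys used for key exchange, it should also state what the `export` argument signals and who owns (and frees) the returned key. The conditional that these `#else`/`#endif` lines belong to opens outside the visible hunks, so the placement in each branch is inferred from the hunk context only.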
util/mkdef.pl +1 −0 Original line number Original line Diff line number Diff line Loading @@ -65,6 +65,7 @@ $crypto.=" crypto/err/err.h"; $crypto.=" crypto/pkcs7/pkcs7.h"; $crypto.=" crypto/pkcs7/pkcs7.h"; $crypto.=" crypto/x509/x509.h"; $crypto.=" crypto/x509/x509.h"; $crypto.=" crypto/x509/x509_vfy.h"; $crypto.=" crypto/x509/x509_vfy.h"; $crypto.=" crypto/x509v3/x509v3.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/hmac/hmac.h"; $crypto.=" crypto/hmac/hmac.h"; $crypto.=" crypto/comp/comp.h"; $crypto.=" crypto/comp/comp.h"; Loading