Commit 679ab7c3 authored by Dr. Stephen Henson

Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and

add x509v3.h to mkdef.pl list of include files.
parent f33fbc2e
+18 −14

  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 1999/01/30 12:06:16 $
  ______________                           $Date: 1999/01/30 17:34:59 $

  DEVELOPMENT STATE

@@ -13,6 +13,14 @@

  IN PROGRESS

    o Steve is currently working on:
	X509 V3 extension code including:
	1. Support for the more common PKIX extensions.
	2. Proper (or at least usable) certificate chain verification.
	3. Support in standard applications (req, x509, ca).
	4. Documentation on how all the above works.
	Next on the list is probably PKCS#12 integration.

  NEEDS PATCH

  OPEN ISSUES
@@ -75,19 +83,15 @@
               to date.
               Paul +1

    o  Ralf has ported Stephen's pkcs12 program to OpenSSL (the 
       ASN.1 stuff Eric recently changed :-( ), but needs some help from
       Stephen at two source locations.  Stephen itself also has ported his
       internal pkcs12 0.53 version to OpenSSL, but thinks we still shouldn't
       incorporate it into OpenSSL because it needs more cleanups. Ralf still
       thinks pkcs12 should be incorporated better now than later because it's
       nasty to not have it in the core - one always has to install it
       manually and a lot of people use it. So, should we incorporate it?
       BTW, we have to be carefully because of the pkcs12 license: There are
       some things which don't match the OpenSSL license, so Stephen has to
       change it for us when we want to incorporate the code.

       Status: Ralf +1, Stephen -0
    o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
      structure for each cipher. This may make sense for things like DES but
      for variable length ciphers like RC2 and RC4 it is NBG. Need a way to
      use the EVP interface and set up the cipher parameters. The ASN1 stuff
      is also foo wrt ciphers whose AlgorithmIdentifier has more than just
      an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open
      don't work unless the key length matches the fixed value (some vendors
      use a key length decided by the size of the RSA encrypted key and expect
      RC2 to adapt).

  WISHES

+15 −8
@@ -745,14 +745,6 @@ struct ssl_st
#define SSL_CTX_set_tmp_dh(ctx,dh) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)

/* For the next 2, the callbacks are 
 * RSA *tmp_rsa_cb(SSL *ssl,int export)
 * DH *tmp_dh_cb(SSL *ssl,int export)
 */
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
				  RSA *(*cb)(SSL *ssl,int export));
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export));

#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)

@@ -970,6 +962,14 @@ int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),

int SSL_get_ex_data_X509_STORE_CTX_idx(void );

/* For the next 2, the callbacks are 
 * RSA *tmp_rsa_cb(SSL *ssl,int export)
 * DH *tmp_dh_cb(SSL *ssl,int export)
 */
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
				  RSA *(*cb)(SSL *ssl,int export));
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export));

#else

BIO_METHOD *BIO_f_ssl();
@@ -1179,6 +1179,13 @@ int SSL_CTX_get_ex_new_index();

int SSL_get_ex_data_X509_STORE_CTX_idx();

/* For the next 2, the callbacks are 
 * RSA *tmp_rsa_cb(SSL *ssl,int export)
 * DH *tmp_dh_cb(SSL *ssl,int export)
 */
void SSL_CTX_set_tmp_rsa_callback();
void SSL_CTX_set_tmp_dh_callback();

/* #endif */

#endif
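Review bot: The relocated prototypes in the second hunk still name the callback's flag parameter `export`, which is a reserved word in C++, so a C++ translation unit that includes ssl.h may fail to parse these two declarations; renaming it in both prototypes and in the comment, e.g. `RSA *(*cb)(SSL *ssl,int is_export)`, avoids that. The comment repeated in the second and third hunks gives the callback signatures but does not say who owns the returned RSA/DH object or what key the callback is expected to return when the flag is non-zero. These callbacks presumably supply the temporary keys used during the handshake, so one sentence on ownership and expected key size would help callers avoid handing back a freed or unsuitable key. The second setter also names its function-pointer parameter `dh` where the first uses `cb`; using `cb` for both would read more consistently.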
+1 −0
@@ -65,6 +65,7 @@ $crypto.=" crypto/err/err.h";
$crypto.=" crypto/pkcs7/pkcs7.h";
$crypto.=" crypto/x509/x509.h";
$crypto.=" crypto/x509/x509_vfy.h";
$crypto.=" crypto/x509v3/x509v3.h";
$crypto.=" crypto/rand/rand.h";
$crypto.=" crypto/hmac/hmac.h";
$crypto.=" crypto/comp/comp.h";