TODO for nsopenssl:
- Make library loadable into tclsh
- Make ns_openssl commands available to Tcl API conns

nsopenssl 3.0 release:
- Ensure sslcontexts are not NULL before accessing (mostly tclcmds.c)
- Remove all debug statements
- Clean up log messages; ditch ones that are not really useful
- Ensure clean shutdown operations (destroying all conns, then drivers, ...)
- Validate client disconnect doesn't tie up reader thread
- Ensure locking around structs is happening properly
- Review session cache code
- Clean up compiler warnings
- Convert Tcl commands to TclObj commands

nsopenssl 3.1 release:
- Add client IP address to log messages
- Fix OpenSSL version reporting
- Review any further commands that can be converted to TclObjs
- Add ability to refuse keepalive on a per-user-agent basis
- Automate the testing via wget, openssl command line
- Add instrumentation to nsopenssl and OpenSSL to benchmark timing at every point
- Add ability to turn off Nagle algorithm for SSL connections
- See if nsopenssl can adjust OpenSSL's default buffer size w/o a recompile
- Are there any tunings I can

nsopenssl 4.0 release:
- Revamp Tcl API -- major overhaul will require changing of Tcl proc names
- Add ability to introspect on Tcl API in/out socket conns; currently can
  only do this with core driver conns.
- Change version number scheme to match AOLserver
- Review PRNG code
- Ignore any ciphers or protocols listed in config that weren't compiled into
  OpenSSL library
- Add benchmarking/performance testing
- Figure out how to work with keepalive

Wish List:
- Move https.tcl into C
- Give nsopenssl the ability to perform certificate operations so it can be
  used to drive a CA process.
- Add CRL support
- Add OCSP support
- Add C and Tcl API for generation of CA / Client / Server cert
- Add ability to wrap other module conns with an Ns_OpenSSLWrap C API function
- Add ability to wrap ns_ldap conns
- Add SSL session cache capability across multiple servers
- Allow Tcl API sockcallbacks to be specified in config file (?)
- Create pool of reusable conn structures