Thanks for verifying these are valid, Doug. Now this [much shorter]

  list should be living in our STATUS file.  Question of module maps
  and file layout is already off to the list.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95403 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index c2a743e6e0495a5ca4d5248acc0af468029b034f..ffea39d0be3248cb02d472c423964d85aa7a15bb 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2002/05/30 06:02:15 $]
+Last modified at [$Date: 2002/05/30 16:00:28 $]
 
 Release:
 
@@ -393,14 +393,6 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
         - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
         actually works) and add in a splash of Win9x service code.
 
-    * In order to use a DSO version of mod_ssl we have to link with
-      -lssl and -lcrypto. A workaround is in place right now where the
-      entire EXTRA_LIBS macro is being appended to the objects list, but
-      this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
-      autoconf function or come up with some other autoconf checks to
-      search for libssl and libcrypto and properly add them to mod_ssl's
-      link flags.
-
     * Fix the worker MPM to use POD to kill child processes instead
       of ap_os_killpg, regardless of how they should die. (Ryan Bloom)
 
@@ -411,6 +403,52 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
       Message-ID: <Pine.LNX.4.44.0203011354090.16457-200000@deepthought
                   .cs.virginia.edu>
 
+TODO ISSUES REMAINING IN MOD_SSL:
+
+    * In order to use a DSO version of mod_ssl we have to link with
+      -lssl and -lcrypto. A workaround is in place right now where the
+      entire EXTRA_LIBS macro is being appended to the objects list, but
+      this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
+      autoconf function or come up with some other autoconf checks to
+      search for libssl and libcrypto and properly add them to mod_ssl's
+      link flags.
+
+    * SSL renegotiations in combination with POST request
+
+    * Port or dispose all code inside #if 0...#endif blocks that remain
+      from the porting effort.
+
+    * Do we need SSL_set_read_ahead()?
+
+    * the ssl_expr api is NOT THREAD SAFE.  race conditions exist:
+       -in ssl_expr_comp() if SSLRequire is used in .htaccess
+        (ssl_expr_info is global)
+       -is ssl_expr_eval() if there is an error
+        (ssl_expr_error is global)
+
+    * SSLRequire directive (parsing of) leaks memory
+
+    * Diffie-Hellman-Parameters for temporary keys are hardcoded in
+      ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
+      "it is suggested that keys be changed daily or every 500
+      transactions, and more often if possible."
+
+    * ssl_var_lookup could be rewritten to be MUCH faster
+
+
+    * CRL callback should be pluggable
+
+    * session cache store should be pluggable
+
+    * init functions should return status code rather than ssl_die()
+
+    * ssl_engine_pphrase.c needs to be reworked so it is generic enough
+      to also decrypt proxy keys
+
+    * the shmcb code should just align its memory segment rather than
+      jumping through all the "safe" memcpy and memset hoops
+
+
 EXPERIMENTAL MODULES:
     Experimental modules should eventually be be promoted to fully supported
     status or removed from the repository entirely (ie, the