[Openswan dev] What should be changed in openswan-2.0.0

Andreas Steffen andreas.steffen at strongsec.net
Thu Jan 22 19:03:40 CET 2004 

I've just finished version 1.5.0 of the X.509 patch for freeswan-2.04.
It will be released within the next two days. In order to check to
amount of work I would have to invest into a simultaneous release
for openswan-2.0.0 I downloaded the final version from www.openswan.org.
I applied the differential patch x509-1.4.8-to-1.5.0 for freeswan-2.04
to openswan-2.0.0 and it failed miserably in a lot of places.

Upon closer inspection of the openswan sources I noticed the following
changes relative to freeswan-2.04-x509-1.4.8:

- much, but not all of the X.509 code has been encapsulated in
   #ifdef X509 statements. This doesn't make sense in the light that
   the X.509 patch has been operational for more than three years now
   and is a fully integrated component of both Super-FreeS/WAN and
   openswan-1.0.0. Why separate it from the rest now?

- additionally the sources have been mutilated by the insertion of
   #ifdef X509_FETCH encapsulations. In the default configuration
   with "crlcheckinterval=0" the posix threads aren't started anyway and
   the mutexes could be replaced by dummy statements in fetch.c instead.
   (actually this has already been done in openswan-2.0.0, too).

- README.x509 is missing and I haven't found my HOWTO in the docs
   directory neither. Will there a place for it?

- The Copyright notice still contains the names of the original
   FreeS/WAN team. When will all authors who have contributed to
   Openswan be included?

Conclusion:

With the present condition the openswan-2.0.0 (final!) release is
in I will not be able to contribute any new features or bug fixes
to the openswan-2.0.0 branch. Please create a basis for an open
software development environment, as has been the case during
Super FreeS/WAN project.

Kind regards

Andreas

=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===

More information about the Dev mailing list