TODO

As CMP for OpenSSL is a work in progress, there is a lot to be done before a first stable version can be released. This includes, but is not limited to, the following tasks:

  • General testing.
  • Code and API review by a third party.
  • Implementing and testing compatibility with CAs other than Cryptlib.
  • Implementation of message creation other than IR, IP, PKIconf, CertConf, KUR, KUP, GENM and GENP. Those can only be used if the utilized CA supports them.
  • Improvement of the already implemented messages. As it is quite likely that all available CAs insist on the presence/absence of certain fields, this can be done as needed.
  • Improvement of the HTTP send/receive code to be fully compliant with the respective standards. So far it is not more than 'just working'.
  • Implementation of conveying protocols other than HTTP.
  • Implementation of additional functionality like the Challenge-Response Protocol. This can only be used if a CA is discovered which supports this.
  • Precise evaluation of error messages sent by the CA. This is only useful if the CA inserts a sane description of the non-conformity that occurred.
  • Determining the brand and version of the CA in order to adjust to its quirks. E.g. Cryptlib can be identified by its OID in the generalInfo field, Insta Certifier (<= v3.2.1) by demanding the extra TCP-transport-style header layer between HTTP and CMP.

Please let me know if you'd like to participate!