hp SSL for OpenVMS

      V1.4 Release Notes

      Mar 2010

      Based on OpenSSL 0.9.8h

      hp SSL V1.4 for OpenVMS Alpha and Itanium

      HP-AXPVMS-SSL-V0104-0331-1.PCSI

      HP-I64VMS-SSL-V0104-0334-1.PCSI



      ----------------------------------------------------------

      Hewlett-Packard is pleased to provide you with the latest 
      release of hp SSL for OpenVMS.  hp SSL (Secure Sockets Layer) 
      is based on the 0.9.8h release from the Open Group.  

      For more information, see the hp SSL website at 

          http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

      and documentation at

          http://h71000.www7.hp.com/openvms/products/ssl/ssl_doc.html 

      OpenVMS security and security product information can be located at

          http://h71000.www7.hp.com/openvms/security.html#ssl

      See http://www.openssl.org for information about OpenSSL.

      Documentation for this kit, including installation and 
      configuration information, release notes, a programming 
      tutorial and API reference, is included in "hp Open Source 
      Security for OpenVMS Alpha Volume 2: hp SSL for 
      OpenVMS Alpha" in HTML and PDF formats. That document 
      is included on the OpenVMS documentation CD-ROM and
      on the OpenVMS website at http://www.hp.com/go/openvms/doc/.

      There are post installation activities that need to be
      performed. This includes the following items that are described
      in detail:

      - ensuring SSL startup and logical name creation files 
        are executed 

      - updating or copying the necessary startup, shutdown and 
        configuration files from the installed template files

      - running the Installation Verification Program (IVP) 

      SSL has created the following directory structure and files in
      PCSI$DESTINATION, which defaults to SYS$SYSDEVICE:[VMS$COMMON]

      [SSL]                 -  Top-level SSL directory
      [SSL.ALPHA_EXE]       -  Contains the images for the Alpha platform*
      [SSL.IA64_EXE]        -  Contains the images for the Itanium platform*
      [SSL.VAX_EXE ]        -  Contains the images for the Itanium platform*
      [SSL.COM]             -  Directory to hold the various command procedures
      [SSL.DEMOCA]          -  Directory structure to demo SSL's CA features
      [SSL.DEMOCA.CERTS]    -  Directory to hold the certificates and keys
      [SSL.DEMOCA.CONF]     -  Contains the configuration files
      [SSL.DEMOCA.CRL]      -  Contains revoked certificates and CRLs
      [SSL.DEMOCA.PRIVATE]  -  Directory for private keys and random data
      [SSL.DOC]             -  OpenSSL.org provided documentation & information
      [SSL.INCLUDE]         -  Contains the C Header (.H) files
      [SSL.TEST]            -  Contains the files used during the IVP

      [SYS$STARTUP]         -  Startup and shutdown templates and files 
      [SYSHLP]              -  Release notes
      [SYSHLP.EXAMPLES.SSL] -  SSL crypto and secure session examples
      [SYSLIB]              -  SSL shareable image files
      [SYSTEST]             -  SSL$IVP.COM test files

      * - Note : Each system will have only one xxx_EXE.DIR, depending
		 on the architecture of the system.



      SSL Startup and Shutdown
      ------------------------

      Once the installation is complete, add SSL$STARTUP.COM to
      SYS$MANAGER:SYSTARTUP_VMS.COM file with the following command:

          $ @SYS$STARTUP:SSL$STARTUP.COM 

      If SSL was installed as part of the installation of OpenVMS,
      the SSL$STARTUP.COM will already be in the startup command
      procedure SYS$STARTUP:VMS$LPBEGIN-050_STARTUP.COM.

      When the system is rebooted, this will automatically define the
      SSL$ executive mode logical names in the SYSTEM logical name
      table, and install the SSL shareable images in memory that reside
      in the [SYSLIB] directory.

      Also, add SSL$SHUTDOWN.COM to the SYS$MANAGER:SYSHUTDWN.COM file
      to remove the installed images and deassign the SSL$ logical name
      definitions. Add one of the following command lines:

          $ @SYS$STARTUP:SSL$SHUTDOWN.COM



      Updated SSL Files Requiring Attention
      -------------------------------------

      If you are upgrading from a previous version of HP SSL, it is
      suggested that you copy the following SSL template files, renaming
      each to their respective command procedure (.COM) and
      configuration (.CNF) file. These files may change with each new
      version of SSL. A product upgrade or re-installation will not
      overwrite or create a new file version if the file has been 
      modified. It will only create the template files.

      If you have customized the SSL command files for the site, compare
      the following template files with your existing command procedures
      and take the appropriate action to update your customized files. 

      It is also suggested that the the site-specific SSL command
      procedures are utilized to tailor the SSL installation to the
      site. 

      All of these files are discussed in the following section.

      - The SSL$STARTUP.TEMPLATE file is no longer provided.  The
        startup file SSL$STARTUP.COM is placed into SYS$STARTUP.
	Any existing SSL$STARTUP.COM in SYS$STARTUP is renamed to
	SYS$STARTUP:SSL$STARTUP.COM_OLD. 

      - The SSL$SHUTDOWN.TEMPLATE file is no longer provided.  The
        shutdown file SSL$SHUTDOWN.COM is placed into SYS$STARTUP.
	Any existing SSL$SHUTDOWN.COM in SYS$STARTUP is renamed to
	SYS$STARTUP:SSL$SHUTDOWN.COM_OLD. 
  
      - If there are system or site-specific SSL startup or shutdowm
        command procedure requirements, it is suggested that they are
        placed in the site-specific SSL files. These site-specific 
        files are invoked by SSL$STARTUP.COM and SSL$SHUTDOWN.COM 
        respectively. You may want to compare and/or copy the new 
        installed template files to the command procedures in SSL$COM:

        SSL$COM:SSL$SYSTARTUP.COM ,  SSL$COM:SSL$SYSTARTUP.TEMPLATE
        SSL$COM:SSL$SYSHUTDOWN.COM , SSL$COM:SSL$SYSHUTDOWN.TEMPLATE

      - Compare SSL$EXAMPLES:SSL$EXAMPLES_SETUP.TEMPLATE to your
        existing SSL$EXAMPLES:SSL$EXAMPLES_SETUP.COM file, and rename
        the template file to SSL$EXAMPLES:SSL$EXAMPLES_SETUP.COM if you
        want to accept the changes. 

        The new SSL$EXAMPLES_SETUP.TEMPLATE file executes
        SSL$COM:SSL$UTILS.COM to define SSL DCL commands.

      - If the SSL or OpenVMS configuration files have been modified
        for your site, compare (and copy) the new installed template
        files with the configuration files in the SSL root directory: 
        
	SSL$ROOT:[000000]OPENSSL.CNF , OPENSSL.CNF_TEMPLATE
	SSL$ROOT:[000000]OPENSSL-VMS.CNF , OPENSSL-VMS.CNF_TEMPLATE

      SSL Logicals and Symbols
      ------------------------

      SSL foreign symbols are defined with the SSL command procedures:

        SSL$STARTUP.COM and SSL$COM:SSL$UTILS.COM  



      Installation Verification Program (IVP)
      ---------------------------------------

      Normally the Installation Verification Program (IVP) test is
      executed when SSL is installed. To run the SSL IVP test manually,
      type one of the following commands:

        $ @ SYS$TEST:SSL$IVP.COM 

      The IVP test would not be executed at installation
      time if, for example, the PCSI qualifier /NOTEST was utilized.



      Removing SSL
      ------------

      To remove SSL for the system disk or destination directory, type
      the following command:

      	$ PRODUCT REMOVE SSL 

      Note: some files may remain and will not be removed when the SSL
      product is removed. These are files that were created by running
      the IVP test program, such as SSL$IVP.LOG, and as a consequence, 
      the SYSTEST.DIR directory. Other files may include certificates,
      such as those created by the certificate tool in the SSL$CERTS:
      directory.