Re: Question about ca-bundle.crt

2008-02-11 Thread Dr. Stephen Henson
On Mon, Feb 11, 2008, Guenter Knauf wrote:

> Hi,
> there are some recommended methods for creating a ca-bundle.crt
> most use the openssl command line with something like:
> openssl x509 -fingerprint -text -in infile -inform PEM >> outfile
> which produces a bunch of text info beside the PEM certs themselves.
> Now I would like to know:
> - is anything of the text info relevant for the CA lookup for openssl?
> - is the lookup faster if I omit the text info, and only write out the PEM
> certs?
> - is the fingerprint of any use for the lookup process?
>
> F.e. if I create a ca-bundle.crt with text info the file is ~542kb (114 CAs);
> if I create a ca-bundle.crt without text then it's only ~183kb...
>

None of the text info (including fingerprint) is used during the lookup process.
Omitting it makes the file shorter and makes it slightly quicker to read
initially but has no effect after that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]
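
The point of the reply above, as an added example that is not part of the original thread: only the PEM blocks of a bundle carry certificates, so stripping the text info leaves the same entries in a smaller file. The function names are hypothetical and the sample bundle is constructed, with placeholder payloads rather than real X.509 certificates.

```python
import base64
import hashlib
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"\s+(.*?)\s+" + re.escape(END), re.DOTALL)

def pem_payloads(bundle):
    """Decode every PEM certificate block; text outside the blocks is ignored."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(bundle)]

def to_pem(der):
    """Encode bytes as one PEM block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *body, END]) + "\n"

def strip_text_info(bundle):
    """Rewrite a bundle so that only the PEM blocks remain."""
    return "".join(to_pem(der) for der in pem_payloads(bundle))

def digests(bundle):
    """SHA-256 over each decoded block, to compare two bundles entry by entry."""
    return [hashlib.sha256(der).hexdigest() for der in pem_payloads(bundle)]

def constructed_bundle():
    """Constructed sample: placeholder payloads, not real X.509 certificates."""
    parts = []
    for name in ("Example CA A", "Example CA B"):
        text = ("SHA1 Fingerprint=00:11:22:33 (constructed)\n"
                "Certificate:\n    Data:\n        Issuer: CN=" + name + "\n")
        parts.append(text + to_pem((name.encode() + b"\x00") * 8))
    return "".join(parts)

if __name__ == "__main__":
    annotated = constructed_bundle()
    stripped = strip_text_info(annotated)
    print(len(annotated), "->", len(stripped), "bytes")
    print("same certificates:", digests(annotated) == digests(stripped))
```

Comparing the digests before replacing a deployed bundle confirms that no CA entry was dropped or altered by the rewrite.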


Question about ca-bundle.crt

2008-02-11 Thread Guenter Knauf
Hi,
there are some recommended methods for creating a ca-bundle.crt
most use the openssl command line with something like:
openssl x509 -fingerprint -text -in infile -inform PEM >> outfile
which produces a bunch of text info beside the PEM certs themselves.
Now I would like to know:
- is anything of the text info relevant for the CA lookup for openssl?
- is the lookup faster if I omit the text info, and only write out the PEM
certs?
- is the fingerprint of any use for the lookup process?

F.e. if I create a ca-bundle.crt with text info the file is ~542kb (114 CAs);
if I create a ca-bundle.crt without text then it's only ~183kb...

Thanks, Guenter.




Re: Question about ca-bundle.crt

2008-02-11 Thread Guenter Knauf
Hi Steve,
> None of the text info (including fingerprint) is used during the lookup
> process.
> Omitting it makes the file shorter and makes it slightly quicker to read
> initially but has no effect after that.
Thanks for your quick reply!

Guenter.

