On Tue, 11 Nov 2014, Guenter wrote:
now usually the download of the certdata.txt file is most of the script's execution time, while creating a new ca-bundle.crt takes only a second or two on nowaday's machines ...
The download time is of course also very different depending on network speeds etc. It is really fast for me.
at a minimum I would like to change the SHA1 checksum to MD5 since we dont use it here for security but only as checksum over certdata.txt; this would make the script more compatible with older Perl versions where Digest::SHA might not be part of the Perl core ...
Does it really matter if it is part of the core? I'm asking since I'm under the impression this script is used on machines more "developy" and thus likely to have the flexibility of extra perl packages. Maybe I'm wrong.
more I would like to remove this checking completely, and just allways create a fresh ca-bundle.crt and backup the old, as we did years ago; this checking makes no real sense to me since we have anyway already downloaded a fresh certdata.txt, and would probably only save a second execution time for creating a fresh ca-bundle.crt while we did already use 5 or more secs to download certdata.txt + time to create the checksum ...
Yeah, I wouldn't object much to such a change. I added the checksum thing basically to maintain the former functionality so that the output wouldn't be touched if there was no news (that's a feature I myself use and need in scripting in my end) but you are of course right that there's also not much of a speed benefit now.
But now when the check is there, what's the benefit of removing it? It does alter the behavior of the script somewhat. Maybe we could just make it conditional on an option to save me from having to edit my scripts too much?
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
