On 8/21/15, 1:07 PM, "Dave Zhu (yanbzhu)" <[email protected]> wrote:
>Hey Emeric, > >>I think you don't notice that certificate in the wild card tree are not >>stored using their fullnames (we exclude the '*' and start at the first >>'.'). > >No I did not notice this, but I believe this is actually a good thing. >This way, crt-list entries with a filter will always get processed and >added to the tree since they will always be a ³new² SNI entry. I actually just realized what you meant by this. We could run into a situation where we have a negation for a given cert, but due to the way it’s stored, we may update the wrong ctx. I’ll add this to the list of updates. Sorry for the confusion. -Dave
