On Fri, Aug 21, 2015 at 05:09:08PM +0000, Dave Zhu (yanbzhu) wrote: > On 8/21/15, 1:07 PM, "Dave Zhu (yanbzhu)" <[email protected]> wrote: > > >Hey Emeric, > > > >>I think you don't notice that certificate in the wild card tree are not > >>stored using their fullnames (we exclude the '*' and start at the first > >>'.'). > > > >No I did not notice this, but I believe this is actually a good thing. > >This way, crt-list entries with a filter will always get processed and > >added to the tree since they will always be a ³new² SNI entry. > > I actually just realized what you meant by this. We could run into a > situation where we have a negation for a given cert, but due to the way > it??s stored, we may update the wrong ctx. > > > I??ll add this to the list of updates. > > Sorry for the confusion.
Really, don't feel sorry. The subject is more complex than it seems, and that's why I wanted to ensure everyone had a chance to participate. We must definitely not miss something here. Thanks! Willy
