On Tue, Sep 4, 2012 at 4:38 PM, Tim Ruehsen <[email protected]> wrote:
> Hey Nikos.
> This mentioned tool could use libtasn1. Impact doesn't matter since the
> certificates seldom change.
> The X509 certificate format is well defined in RFC 5280 and it should be easy
> to output these values into a text format like:
> --------
> tbsCertificate.version 2
> tbsCertificate.serialNumber 85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
> tbsCertificate.signature sha1WithRSAEncryption
> tbsCertificate.issuer C=US, O=America Online Inc., CN=America Online Root
> Certification Authority 1

gnutls has certtool as well, but I don't think that this approach is any easier than optimizing libtasn1. The simpler way without radical changes in certificate verification, would need to introduce a certificate cache, in effect storing the libtasn1 tree and restoring it back. Still you'd have to optimize the tree creation/copy etc.

I think that the way that is beneficial for all use cases is to optimize tree creation and copy in libtasn1 anyway and avoid any caching. I'll add it in my todo list, but unfortunately currently that doesn't mean much as I'm busy with other things.

regards,
Nikos
