Bruce Stephens wrote:
>
> Massimiliano Pala <[EMAIL PROTECTED]> writes:
>
> > I was discussing with some people from the OpenCA project and we do
> > think that a DB support (like Berkeley DB, NDBM, GDBM) should be
>
> However, I'd guess the current design is probably fine for, say, 10000
> certificates. Specific applications might find the scalability a
> problem, but for most purposes it's fine.
Depends on how you're using it. IMHO the main performance-related issue
is the client access: searching for certificates (by any attributes like
CN, Email etc.), loading of certificates, doing on-line verification
etc.
Well, you can keep that away from OpenSSL's index.txt by storing the
certs on a LDAP server like OpenLDAP which is optimized for such kind of
stuff. You might wanna use a HTTP/LDAP gateway for providing the cert
data via HTTP to clients not capable of LDAP (e.g. use my package
web2ldap found on http://sites.inka.de/ms/python/web2ldap/). Currently
I'm thinking about stripping down my package web2ldap for doing exactly
this job.
Ciao, Michael.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
