For simple DB stuff, you can use ODBC libraries, they are
available/compilable on all platforms.
----- Original Message -----
From: Dr Stephen Henson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 07, 1999 9:30 AM
Subject: Re: CA DB Support
> Massimiliano Pala wrote:
> >
> > Bruce Stephens wrote:
> >
> > > I haven't tested. I'd guess index.txt would cause some things to slow
> > > performance (but possibly not---I'm assuming there are linear searches
> > > around). The public keys seem to be kept in separate files in a
> > > directory: however they get used, that's going to cause some prblems
> > > on some filesystems.
> > >
> > > However, I'd guess the current design is probably fine for, say, 10000
> > > certificates. Specific applications might find the scalability a
> > > problem, but for most purposes it's fine.
> >
> > I have tested it with 500.000 certificates and gave me no problems, but
> > our question is about 5/10 Millions of certificates. What about file
> > system capabilities (let's say for UNiX systems like
Linux/SunOS/FreeBSD/
> > etc... ) ???
> >
> > Someone has ever got to think about similar problems ???
> >
>
> index.txt is stored in an in memory database: the extended memory
> requirements may cause problems if huge numbers of certificates used.
>
> When the database is changed the whole thing is written to disk: again
> potential problems of corruption.
>
> Additional problems can arise if you store copies of certificates in the
> same directory: a few million files in a directory is not advisable!
>
> 'ca' was not initially meant to be used for a full blown CA it was just
> a demo.
>
> I've often considered using some kind of database for certificates. One
> problem is getting something that compiles on all platforms.
>
> In the longer term it might be better if things like req, ca, x509
> functionality was exposed to something like perl which could make things
> a bit friendlier.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
