Richard Levitte - VMS Whacker wrote:
>
> From: Dr S N Henson <[EMAIL PROTECTED]>
>
> stephen.henson> I've done some work on this but it's only partly
> stephen.henson> complete and sitting in a dark corner of my hard
> stephen.henson> drive...
>
> I'm curious to see what you've come up with so far.
>

I'll dig out the code. It was largely based around the PKCS#11 functionality but with an OpenSSL flavour. That is, you have a load of objects, each of which is a set of attributes. You can then look up based on exact matches of each attribute.

However, since all OpenSSL needs is a match on a single attribute, it was a bit of overkill. If multiple attribute searches were needed it could always pull everything matching one attribute and weed out the rest.

One problem was that it returned matching entries as STACK_OF. That would work for small numbers of matches but would be awkward for huge databases with large numbers of matches, for which some kind of "get first n matching" and "get next n matching" (with n >= 1) might be more appropriate.

The way I'd intended it to be used would be to allow various database types which would implement the top level API. Implementing the whole API would be excessively painful and unnecessary for some cases.

I'd got one of the databases partly going, which was a simple memory based database. This is the kind of thing a simple application could use with a small number of certificates: call some add() function and let the supplied code handle all the lookups. This would probably be OK for the existing directory and file based stuff.

Other database types could be some kind of hash based database (which could use gdb or Berkeley db) or indeed some SQL stuff.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                        [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
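
The lookup interface discussed in this message, sketched as an added example that is not Dr Henson's code and not part of OpenSSL: an in-memory store searched on a single attribute through a cursor that hands back the next n matches rather than one STACK_OF, with a two-attribute search done by weeding out each page on the caller's side. All type and function names and the sample objects are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; none of this is OpenSSL or PKCS#11 API. */
enum { ATTR_SUBJECT = 1, ATTR_ISSUER = 2 };
typedef struct { int type; const char *value; } attr_t;
typedef struct { const attr_t *attrs; size_t nattrs; } object_t;
typedef struct { const object_t *objs; size_t nobjs; } mem_store_t;
typedef struct { const mem_store_t *store; attr_t want; size_t pos; } cursor_t;

/* Constructed sample data: four certificate-like objects. */
const attr_t obj0_attrs[] = {{ATTR_SUBJECT, "CN=alice"}, {ATTR_ISSUER, "CN=Test CA"}};
const attr_t obj1_attrs[] = {{ATTR_SUBJECT, "CN=bob"},   {ATTR_ISSUER, "CN=Test CA"}};
const attr_t obj2_attrs[] = {{ATTR_SUBJECT, "CN=alice"}, {ATTR_ISSUER, "CN=Other CA"}};
const attr_t obj3_attrs[] = {{ATTR_SUBJECT, "CN=carol"}, {ATTR_ISSUER, "CN=Test CA"}};
const object_t sample_objs[] = {
    {obj0_attrs, 2}, {obj1_attrs, 2}, {obj2_attrs, 2}, {obj3_attrs, 2}
};
const mem_store_t sample_store = {sample_objs, 4};

/* Exact match on one attribute (type and value). */
static int object_has(const object_t *o, int type, const char *value)
{
    for (size_t i = 0; i < o->nattrs; i++)
        if (o->attrs[i].type == type && strcmp(o->attrs[i].value, value) == 0)
            return 1;
    return 0;
}

/* "Get next n matching": fills out[] with up to n matches and advances the
 * cursor past them; returns the number written, 0 once the store is exhausted. */
size_t find_next(cursor_t *c, const object_t **out, size_t n)
{
    size_t got = 0;
    for (; got < n && c->pos < c->store->nobjs; c->pos++)
        if (object_has(&c->store->objs[c->pos], c->want.type, c->want.value))
            out[got++] = &c->store->objs[c->pos];
    return got;
}

/* Two-attribute search: page through matches on (t1, v1), two at a time,
 * and keep only those that also carry (t2, v2). */
size_t count_both(const mem_store_t *s, int t1, const char *v1, int t2, const char *v2)
{
    const object_t *page[2];
    size_t k, total = 0;
    cursor_t c = { s, { t1, v1 }, 0 };
    while ((k = find_next(&c, page, 2)) > 0)
        for (size_t i = 0; i < k; i++)
            total += (size_t)object_has(page[i], t2, v2);
    return total;
}
```

Because the caller only ever holds one page, memory use stays bounded however many objects match the first attribute.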