|
Hi,
I am using apache_1.3.24 with
mod_ssl-2.8.8-1.3.24 and openssl-engine- 0.9.6g.
When I configure apache to work
in SSL with client authentication and a crl that consist of 50,000 revoked certs
I get very poor number
of transactions per second.
when I looked at the code I
have noticed that the function X509_CRL_verify takes a big amount of time to
complete.
My question is
:
Why do we need to check the crl
signature for every client?
The client certificate was
already checked to be valid and the crl validity was checked by the server
administrator.
so what is the purpose of this
function?
Thanks
Alon
|
- Re: X509_CRL_verify Alon Philosoph
- Re: X509_CRL_verify Richard Levitte - VMS Whacker
