On Mon, Feb 11, 2008, Guenter Knauf wrote:
> Hi,
> there are some recommended methods for creating a ca-bundle.crt....
> most use the openssl commandline with something like:
> openssl x509 -fingerprint -text -in infile -inform PEM >> outfile
> which produces a bunch of text info beside the PEM certs themselves.
> Now I would like to know:
> - is anything of the text info relevant for the CA lookup for openssl?
> - is the lookup faster if I omit the text info, and only write out the PEM
> certs?
> - is the fingerprint of any use for the lookup process?
>
> F.e. if I create a ca-bundle.crt with text info the file is ~542kb (114 CAs);
> if I create a ca-bundle.crt without text then it's only ~183kb...
>
None of the text info (including fingerprint) is used during the lookup process.
Omitting it makes the file shorter and makes it slightly quicker to read
initially but has no effect after that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
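
As an added illustration (not part of the original thread and not OpenSSL's own code), the Python sketch below strips the `-text`/`-fingerprint` annotations from a bundle and confirms that the decoded certificate bytes are unchanged. The function names are hypothetical, and the sample entries are constructed placeholder bytes rather than real certificates.

```python
import base64
import re

# One PEM certificate block; everything outside these markers is the
# human-readable annotation written by -text / -fingerprint.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n(.*?)\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)


def der_blobs(bundle: str) -> list:
    """Return the decoded bytes of every PEM block, in file order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(bundle)]


def strip_text(bundle: str) -> str:
    """Rebuild the bundle from its PEM blocks only (64 base64 chars per line)."""
    out = []
    for blob in der_blobs(bundle):
        b64 = base64.b64encode(blob).decode("ascii")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        out.append("\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                              "-----END CERTIFICATE-----"]))
    return "\n".join(out) + "\n"


def _fake_entry(name: str, payload: bytes) -> str:
    """Constructed sample entry: placeholder bytes, not a real certificate."""
    b64 = base64.encodebytes(payload).decode("ascii")  # ends with a newline
    return (
        "SHA1 Fingerprint=00:11:22 (constructed)\n"
        f"Certificate:\n    Data:\n        Subject: CN={name}\n"
        f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"
    )


# Constructed two-entry bundle in the annotated layout, and its stripped form.
ANNOTATED = (_fake_entry("Example CA 1", bytes(range(200)))
             + _fake_entry("Example CA 2", b"\x30\x82" * 90))
STRIPPED = strip_text(ANNOTATED)

if __name__ == "__main__":
    print(len(ANNOTATED), "bytes with text,", len(STRIPPED), "bytes without")
    print("same certificates:", der_blobs(ANNOTATED) == der_blobs(STRIPPED))
```

Comparing `der_blobs()` of the old and new bundle before deploying the smaller file is a cheap check that no CA was dropped or altered by the stripping step.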
