with postgres 7.1 the 8k limit is gone anyway.
On Sun, 27 Jan 2002, Bear Giles wrote: > Date: Sun, 27 Jan 2002 19:23:55 -0700 (MST) > From: Bear Giles <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: SQL DB instead of index.txt > > > A simple question, but not a least: > > instead of using the index.txt file as database of registered certificates, > > could it be possible to use a SQL database "e.g. PostgreSQL" as the > > engine version of openssl can with HSM "e.g. nCipher" > > My PKIX extensions to PostgreSQL 7.1.x provide "native" support > for certificates, CRLs and key (PKCS8) objects. It also supports > PKCS7 encrypted objects. > > The external representation is always PEM (with accessor functions > to get most of the fields), the internal representation is ASN.1, > and the data is "TOASTable" so you aren't bound by the usual 8k > limitations. The library is mostly "glue" between the PostgreSQL > backend and the OpenSSL library. > > The intention was provable consistency, not raw performance. For > instance, in the cert repository mentioned below I recommend a > referential integrity check that requires the issuer of a cert > also be in the database. > > The latest version also has a simple Jave JSP/servlet cert repository, > with certificate authority and registration authority on the way. > It supports all of the search criteria recommended by Gutman, and > besides the "direct" mode it can produce XML. The goal is to use > XML and XSLT to produce results in whatever format you want. > > On the C side, it should be easy to create a wrapper library that > uses ESQL/C (ecpg) to access the database. Just use a host variable > and the BIO routines that use memory buffers. With ESQL/C, it > would be easy to migrate to a different RDBMS if necessary. > > Long term, it would be best to create an abstraction layer that > would allow any backend to be used. I can think of multiple > common storage formats: text files, DBM files, LDAP, RDBMS. But > that's definitely not a 0.9.7 task! > > libpkixpq is available at: http://www.dimensional.com/~bgiles/ > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
