Dr. Stephen Henson wrote:


The second option, which I implemented, is to cache the original encoding and
use the cached form to verify signatures. This makes signature verification
much quicker since no reordering is necessary.


This still requires a lock when the revoked entries are sorted but they will stay
sorted: therefore no reordering is necessary after the first lookup.

There is a minor disadvantage to this method: if you call X509_CRL_print()
before a CRL entry search it will represent the original order whereas calling
it afterwards will print out in serial number order. There are ways to fix
that too but it would require some incompatible changes and will have to be
in 0.9.8.

I have a problem which I think belongs to that. I want to update an existing CRL (adding a new serial number, update nextUpdate, lastUpdate) and export the new CRL in PEM format using PEM_write_bio_X509_CRL(). Up to version 0.9.7d everything worked fine, with 0.9.7e the output is the old CRL without any updates. Is this a bug, or what should I do to get the new CRL?


Thanks,
Thorsten

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
