> What are the chances of making this a standalone class so we can put it in the XrdTls package so that it's generally useful? It would certainly lower the overhead for OpenSSL as well.

Are you sure it's necessary for `XrdTls` as well?

I ask that because I had assumed `XrdTls` does lazy loading of CA certificates - that is, instead of parsing the entire directory, it just pulls in the exact hashes it needs.

You are right that this would be useful for libcurl with the OpenSSL backend as well.  For NSS, it's about correctness -- but for OpenSSL, this would bring a noticeable speed improvement.

Additionally, the natural follow-up here is to put together a CRL file; libcurl _only_ supports concatenated CRL files and doesn't work with CRLs in a CA directory.  I figured I was going to delay enabling this for OpenSSL until the second round.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1431#issuecomment-807923672
