LISTSERV 16.5 - XROOTD-DEV Archives

What are the chances of making this a standalone class so we can put it in the XrdTls package so that it's generally useful. It would certainly lower the overhead for OpenSSL as well.

Are you sure it's necessary for XrdTls as well?

I ask that because I had assumed XrdTls does lazy loading of CA certificates - that is, instead of parsing the entire directory, it just pulls in the exact hashes it needs.

You are right that this would be useful for libcurl with the OpenSSL backend as well. For NSS, it's about correctness -- but for OpenSSL, this would bring a noticeable speed improvement.

Additionally, the natural follow-up here is to put together a CRL file; libcurl only supports concatenated CRL files and doesn't work with CRLs in a CA directory. I figured I was going to delay enabling this for OpenSSL until the second round.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/pull/1431#issuecomment-807923672", "url": "https://github.com/xrootd/xrootd/pull/1431#issuecomment-807923672", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1