I have a DB that has just shy of 7000 keys/certs in it. From the
command line using certutil -L takes ~5 mins or so and then finally
starts showing output all at once after the delay. It ends up using
80-90MB of ram (according to task manager). certutil -K, however,
starts listing keys right away with no delay, all 6957 of them.
Do you have an idea of a # that I should stay below to avoid this
behavior or have you not really tested this most likely not-too-common
case? I understand the development of NSS is directed primarily to the
need of the commercial organizations funding it and those server
products normally wouldn't have a need for ~7000 key/cert pairs.
The problem first manifested itself while I was running a Java app and
called the JSS method PK11Store.getCertificates() which calls the native
method PK11Store.putCertsInVector(Vector certs).
This is with cert8.db and key3.db formats.
Dave
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto