> I'd consider an implementation of memcmp that doesn't early stop as soon
> as it sees a difference as completely broken, performance wise. Memcmp
> returns an ordered comparison but that can be done as soon as the first
> bit difference is seen.
Me too. But look at the ASN1 for a certificate. Given two certs, how far
down the chain are you first likely to see a difference? Use that as your
DER offset. That's why I suggested starting at the *end*. I should have
left out the part about starting at the beginning.
/r$
--
SOA Appliance Group
IBM Application Integration Middleware
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
