> I'd consider an implementation of memcmp that doesn't early stop as soon
> as it sees a difference as completely broken, performance wise. Memcmp > returns an ordered comparison but that can be done as soon as the first > bit difference is seen. Me too. But look at the ASN1 for a certificate. Given two certs, how far down the chain are you first likely to see a difference? Use that as your DER offset. That's why I suggested starting at the *end*. I should have left out the part about starting at the beginning. /r$ -- SOA Appliance Group IBM Application Integration Middleware ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]