Just to add a data point to this discussion. There is a mechanism in OpenSSL
to avoid reencoding an ASN1 structure and to just cache the received encoding.

This is currently used in a few places already for various reasons. This has
an advantage in that it makes certificate verification quicker and avoids the
need to allocate further memory. On the minus side any application that
modifies a certificate structure and re-signs it will no longer work as it
won't recognise the cache is dirty.

As a quick test I updated the certificate definition to use a cached encoding
instead (3 line change) and the certificates now verify fine.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
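
An added illustration of the trade-off described in the message above (not OpenSSL code and not part of the original post): a toy C type, with hypothetical names throughout, that either re-encodes itself or replays its cached received encoding. The non-minimal length byte in the constructed input is an assumption, chosen so that re-encoding changes the bytes a signature would cover.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical toy type, not OpenSSL code: an OCTET STRING plus cached bytes. */
typedef struct {
    unsigned char value[32]; size_t value_len;  /* decoded content */
    unsigned char cache[40]; size_t cache_len;  /* encoding exactly as received */
    int use_cache;
} toy_obj;

/* Decode, tolerating the non-minimal long-form length 0x81 that strict DER forbids. */
int toy_decode(toy_obj *o, const unsigned char *in, size_t n, int use_cache) {
    size_t hdr, len;
    if (n < 2 || in[0] != 0x04) return 0;
    if (in[1] < 0x80) { hdr = 2; len = in[1]; }
    else if (in[1] == 0x81 && n >= 3) { hdr = 3; len = in[2]; }
    else return 0;
    if (len > sizeof o->value || hdr + len != n) return 0;
    memcpy(o->value, in + hdr, len); o->value_len = len;
    memcpy(o->cache, in, n); o->cache_len = n;
    o->use_cache = use_cache;
    return 1;
}

/* Encode: replay the cached bytes if enabled, otherwise re-encode canonically. */
size_t toy_encode(const toy_obj *o, unsigned char *out) {
    if (o->use_cache) { memcpy(out, o->cache, o->cache_len); return o->cache_len; }
    out[0] = 0x04; out[1] = (unsigned char)o->value_len;
    memcpy(out + 2, o->value, o->value_len);
    return 2 + o->value_len;
}

/* Constructed input: 04 81 03 'a' 'b' 'c'. Returns 1 if the bytes that would be
   hashed for signature verification equal the bytes the signer actually signed. */
int demo(int use_cache, int mutate) {
    const unsigned char rx[] = { 0x04, 0x81, 0x03, 'a', 'b', 'c' };
    unsigned char buf[40]; toy_obj o; size_t m;
    if (!toy_decode(&o, rx, sizeof rx, use_cache)) return -1;
    if (mutate) o.value[0] = 'X';          /* edit a field, cache not marked dirty */
    m = toy_encode(&o, buf);
    return m == sizeof rx && memcmp(buf, rx, m) == 0;
}

int main(void) {
    printf("re-encode: %d  cached: %d  cached after edit: %d\n",
           demo(0, 0), demo(1, 0), demo(1, 1));
    return 0;
}
```

`demo(1, 1)` returning 1 is the downside the message names: the edited field never reaches the output because nothing marks the cache dirty, so a re-sign would cover the old bytes.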
