[I'm not sure if this goes into -users or -dev since the implementation uses the openssl library, not the command-line tools.]
Can a certificate repository freely convert between PEM and DER formats? I thought they were simple transcriptions, but I'm not sure since I'm having problems with a trusted cert PEM -> DER -> PEM translation. Maybe I'm just missing a function that tells me whether the X509 object is trusted and should use the trusted output function?

There are two reasons for the question. The first is simple consistency -- the software can be a lot simpler and more reliable if it knows that everything is stored in a single format. The second is efficiency -- a DER certificate takes up less physical space and that can have an effect on paging performance. (Obviously the sheer number of certs won't be a problem for anyone other than major CAs.) On the other hand the cost of translating from DER to PEM for 99% of all requests may offset any gains from fitting an extra cert or two into each page.

(FWIW this question relates to a user-defined type in a relational database, not individual files or a Berkeley DB file.)

Bear
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
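
Added example, not part of the original post: a PEM block is the base64 of a DER payload between BEGIN/END lines, but OpenSSL's `TRUSTED CERTIFICATE` payload is the certificate's DER followed by a second DER structure carrying the trust settings (what `i2d_X509_AUX` emits), so re-encoding only the certificate part drops them. The helper names and sample bytes below are constructed stand-ins, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed stand-ins (not real certificate data):
CERT = b"\x30\x82\x01\x00" + bytes(256)   # SEQUENCE, long-form length 256
AUX = b"\x30\x06\x0c\x04demo"             # SEQUENCE { UTF8String "demo" }


def pem_to_der(pem):
    """Return (label, DER payload) of the first PEM block in the text."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def der_to_pem(der, label):
    """Wrap a DER payload as PEM with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


def first_tlv_len(der):
    """Total size (header + content) of the first DER element."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    n = der[1]
    if n < 0x80:                           # short form: length in one byte
        hdr, length = 2, n
    else:                                  # long form: next k bytes hold length
        k = n & 0x7F
        if k == 0 or len(der) < 2 + k:
            raise ValueError("indefinite or truncated length")
        hdr, length = 2 + k, int.from_bytes(der[2:2 + k], "big")
    if hdr + length > len(der):
        raise ValueError("content shorter than declared length")
    return hdr + length


def split_trusted(der):
    """Split a payload into (certificate DER, trailing auxiliary DER)."""
    n = first_tlv_len(der)
    return der[:n], der[n:]
```

A store that normalises everything to DER can keep the whole payload returned by `pem_to_der` and use the label, or a non-empty second element from `split_trusted`, to decide which PEM header to emit on the way back out.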