On 2009.10.19 at 13:35:32 -0700, John R Pierce wrote: > Matthias G?ntert wrote: >> hello guys >> >> is anyone working on a replacement for the text based ca database? It >> seems the database functions are defined in apps/ca.c and apps/apps.h, >> at least for version 0.9.8k. wouldn't it be nice if we had something to >> store the data in a relational db? > > why? there's nothing 'relational' about certificate stores, they are > strictly hierarchical. maybe a simple ISAM like BerkeleyDB for a very > large keystore would speed up lookups, I dunno.
I would rather disagree. Distinguished name of the certificate is very close to "relation" in the terms of relational algebra. It contains number of fiels and SQL queries on the combination of these fields can be quite helpful. There are also some other fields such as expiration date, revocation status etc. So, SQL allows to easily express such queries as "All the TLS server certificates for organization X which are not expired and not revoked" "All the certificates of person Y which are going to expire next week" > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
