On 2009.10.19 at 13:35:32 -0700, John R Pierce wrote:

> Matthias G?ntert wrote:
>> hello guys
>>
>> is anyone working on a replacement for the text based ca database? It
>> seems the database functions are defined in apps/ca.c and apps/apps.h,
>> at least for version 0.9.8k. wouldn't it be nice if we had something to
>> store the data in a relational db? 
>
> why?  there's nothing 'relational' about certificate stores, they are  
> strictly hierarchical.   maybe a simple ISAM like BerkeleyDB for a very  
> large keystore would speed up lookups, I dunno.

I would rather disagree. 

The distinguished name of the certificate is very close to a "relation" in
terms of relational algebra.

It contains a number of fields, and SQL queries on the combination of these
fields can be quite helpful.

There are also some other fields such as expiration date, revocation
status etc. 

So, SQL allows one to easily express such queries as
"All the TLS server certificates for organization X which are not
expired and not revoked"

"All the certificates of person Y which are going to expire next week"


> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
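The two queries described in the reply above, as an added example that is not part of the thread or of OpenSSL: it loads a constructed sample in the six-column, tab-separated `index.txt` layout used by `openssl ca` into SQLite. The table and column names are assumptions, and because `index.txt` records no key usage, the "TLS server" filter is left out.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"  # sortable text form used for date columns

# Constructed sample rows: status (V/R/E), expiry, revocation time[,reason],
# serial, file name, subject DN.
SAMPLE_INDEX = (
    "V\t091201120000Z\t\t01\tunknown\t/C=US/O=Example Corp/CN=www.example.test\n"
    "R\t101019120000Z\t091001120000Z,keyCompromise\t02\tunknown\t/C=US/O=Example Corp/CN=mail.example.test\n"
    "V\t091022120000Z\t\t03\tunknown\t/C=US/O=Example Corp/CN=Alice Example\n"
    "V\t090101120000Z\t\t04\tunknown\t/C=US/O=Example Corp/CN=old.example.test\n"
    "V\t101019120000Z\t\t05\tunknown\t/C=DE/O=Other GmbH/CN=www.other.test\n"
)

def iso(utctime):
    """Convert YYMMDDHHMMSSZ to a sortable UTC timestamp string."""
    return datetime.strptime(utctime, "%y%m%d%H%M%SZ").strftime(FMT)

def load(index_text):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cert (serial TEXT PRIMARY KEY, status TEXT, "
               "not_after TEXT, revoked_at TEXT, org TEXT, cn TEXT)")
    for line in index_text.splitlines():
        status, exp, rev, serial, _file, subject = line.split("\t")
        # Naive DN split: assumes no escaped '/' inside attribute values.
        dn = dict(p.split("=", 1) for p in subject.split("/") if "=" in p)
        db.execute("INSERT INTO cert VALUES (?,?,?,?,?,?)",
                   (serial, status, iso(exp),
                    iso(rev.split(",")[0]) if rev else None,
                    dn.get("O"), dn.get("CN")))
    return db

def valid_for_org(db, org, now):
    # Status 'V' alone is not enough: an expired row stays 'V' until
    # `openssl ca -updatedb` is run, so the expiry date is checked too.
    q = ("SELECT serial FROM cert WHERE org = ? AND status = 'V' "
         "AND not_after > ? ORDER BY serial")
    return [r[0] for r in db.execute(q, (org, now.strftime(FMT)))]

def expiring_within(db, cn, now, days=7):
    q = ("SELECT serial FROM cert WHERE cn = ? AND status = 'V' "
         "AND not_after > ? AND not_after <= ? ORDER BY serial")
    end = now + timedelta(days=days)
    return [r[0] for r in db.execute(q, (cn, now.strftime(FMT), end.strftime(FMT)))]

if __name__ == "__main__":
    db, now = load(SAMPLE_INDEX), datetime(2009, 10, 19, 13, 35, 32)
    print(valid_for_org(db, "Example Corp", now))
    print(expiring_within(db, "Alice Example", now))
```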