On 2009.10.19 at 21:55:09 +0200, Matthias G?ntert wrote:

> hello guys
> 
> is anyone working on a replacement for the text based ca database? It

There are projects such as XPKI, which use the openssl library to generate
certificates and a database backend to store them. These projects also
provide nice web interfaces both for users and CA operators.

OpenSSL is a library. The openssl utility is more a demo application than
a production tool. So it is strange to expect it to use something more
than plain text files. It is enough for demonstration and development of
applications. What more to expect from a demo app?

> seems the database functions are defined in apps/ca.c and apps/apps.h,
> at least for version 0.9.8k. wouldn't it be nice if we had something to
> store the data in a relational db? is there something already out google
> couldn't find?

From my own experience (I've been running nightly tests of openssl builds on
several dozen platforms for a few years now, and these tests request
a dozen certificates from the central test CA on each run), you can
forget about a more efficient backend than the txtdb functions used by
openssl ca if the number of certificates in the CA database (including
revoked and expired) is less than 100000.

If you are expecting your database to grow over 100000 certificates in
a reasonable period (which probably means more than 10000 people use it),
then you should go for XPKI or something similar.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
