Re: [openssl-users] openssl verify with 1B certificates

2017-03-31 Thread Michael Wojcik
A lot depends on what you mean by "verify", too. TLS endpoints should perform a large number of checks on certificates; some of them aren't relevant for your purposes, and others might not be. For example, a TLS client such as a browser will check whether the received entity certificate identi

Re: [openssl-users] openssl verify with 1B certificates

2017-03-31 Thread Jakob Bohm
Also consider using the functions that the "openssl verify" command uses (source file: apps/verify.c), perhaps from a bulk process that can be run on each CPU node on your compute cluster. With a little thought, these can be done efficiently, with lots of reused (i.e. not repeated) actions, such

Re: [openssl-users] openssl verify with 1B certificates

2017-03-30 Thread Richard Moore
Depends what information you need - if you just need a binary valid/not valid then prune it first then verify. If you want a more fine-grained data set then don't. Write some code - forking and running openssl verify each time will be insanely slow - don't do that. I doubt you really have a billio

[openssl-users] openssl verify with 1B certificates

2017-03-30 Thread ebe ebe
Hello, I am a CS graduate student and doing a measurement study regarding the SSL ecosystem. I have approximately 1 billion SSL certificates and I would like to run openssl verify on each certificate to sift out invalid certificates. My major concern, as you might guess, is whether doing this v