Right now the CRL file is parsed and loaded in memory upon every client
connection. In case of large CRL files this operation introduces a
non-negligible delay (order of seconds).
Some users may prefer to avoid such a delay by storing the CRL file in
memory and having it ready for lookup upon client c
Implement the functions needed by the crl-persist logic when openssl
is enabled. Such functions are used in the ssl_verify module.
Note that the CRL file is stored in an ad hoc data structure and no
openssl-specific object is used. The data structure being used is a
sorted array of serials that can
Implement the functions needed by the crl-persist logic and
used by the ssl_verify module.
No special data structure has been used to store the CRL as
mbedtls already provides its own object and helper functions.
Tests have been performed by using a CRL file having size 143MB.
Original delay upon
Hello OpenVPN community,
this is my first contribution (attempt) to the OpenVPN project.
Please be gentle ;)
With this small patchset I am introducing a simple logic that
reduces the overall client connection time when the CRL file is quite big.
Basically it consists in pre-loading the CRL file
On 28/09/16 13:08, Steffan Karger wrote:
> Fixes compiler warnings (undefined behavior) by making the copy explicit
> to comply to strict aliasing rules. With newer GCC the old code could
> actually lead to undefined behaviour.
>
> See e.g. http://blog.regehr.org/archives/959.
Hmm ... This is an
On 28.09.16 at 13:08, Steffan Karger wrote:
> Fixes compiler warnings (undefined behavior) by making the copy explicit
> to comply to strict aliasing rules. With newer GCC the old code could
> actually lead to undefined behaviour.
>
I always considered this to be legal C. But if the spec says o