On Mon, Apr 24, 2023 at 10:28 AM Bernd <e...@zusammenkunft.net> wrote:
> Not sure what exactly is cached, but for CRL only the latest CRL version
> should be cached and only for its lifetime (refresh time).
>

The current cache is not that sophisticated. It uses the encoded byte array as a key which maps to the parsed CRL / cert. The lifetime is unlimited. It is possible to flush the (whole) cache by passing null parameters to CertificateFactory methods (this is undocumented from what I can tell).

> Also, CRLs get quite large, is it compressing the entire it caches?
>

My understanding is it caches the parsed CRL, yes. CRLs with an encoded size larger than 4MB will not be cached, but 4MB parses into more heap memory.

Eirik.
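
Added example, not part of the original message and not JDK code: a simplified Java model (Java 16+ for records) that contrasts the cache policy described in the reply (keyed by encoded bytes, no expiry, 4MB encoded-size limit) with the policy suggested in the quoted text (latest CRL per issuer, kept only until its refresh time). `ParsedCrl`, the issuer name and the byte strings are constructed stand-ins.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

public class CrlCacheModel {
    static final int MAX_ENCODED = 4 * 1024 * 1024; // size limit named in the message

    // Constructed stand-in for a parsed CRL; not a JDK type.
    record ParsedCrl(String issuer, int crlNumber, Instant nextUpdate) {}

    // Policy described in the reply: key = encoded bytes, entries never expire.
    static final Map<ByteBuffer, ParsedCrl> byEncoding = new HashMap<>();
    // Policy suggested in the quoted text: newest CRL per issuer, until nextUpdate.
    static final Map<String, ParsedCrl> byIssuer = new HashMap<>();

    static void store(byte[] encoded, ParsedCrl crl) {
        if (encoded.length <= MAX_ENCODED) {
            // ByteBuffer compares by content, so identical encodings share one entry.
            byEncoding.put(ByteBuffer.wrap(encoded.clone()), crl);
        }
        // Keep only the highest CRL number seen for each issuer.
        byIssuer.merge(crl.issuer(), crl,
                (old, neu) -> neu.crlNumber() > old.crlNumber() ? neu : old);
    }

    static void evictExpired(Instant now) {
        byIssuer.values().removeIf(c -> !c.nextUpdate().isAfter(now));
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2023-04-24T00:00:00Z");
        // Five successive versions of one issuer's CRL (constructed sample data).
        for (int n = 1; n <= 5; n++) {
            byte[] encoded = ("constructed-crl-v" + n).getBytes(StandardCharsets.UTF_8);
            store(encoded, new ParsedCrl("CN=Example CA", n, t0.plusSeconds(3600L * n)));
        }
        System.out.println("byEncoding entries: " + byEncoding.size());
        System.out.println("byIssuer entries:   " + byIssuer.size());

        evictExpired(t0.plusSeconds(3600L * 6)); // after the last nextUpdate
        System.out.println("after expiry, byEncoding: " + byEncoding.size()
                + ", byIssuer: " + byIssuer.size());
    }
}
```

In this model every re-issued CRL adds a new entry to the byte-keyed map because its encoding differs from the previous version, while the issuer-keyed map holds one entry that is dropped once its refresh time passes.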