OpenSSL and connection time



  • Does anyone know about the search mechanism used in OpenSSL w.r.t. verifying a serial number against a CRL file? I understand that in the case of the Base-CRL approach, the file size will grow over time and it also depends upon the number of revocations and the length/size of the serial number.

    Any idea as to whether OpenSSL makes use of binary search or linear search for CRL checking? Due to environmental constraints, I'm not able to perform tests to understand the time taken for a CRL check with different CRL file sizes, and so I'm looking for an answer here.



  • The certificate revocations in a CRL are not in a particular fixed order which would make a binary search possible. Therefore a simple linear search needs to be done.
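
An added example, not part of the thread and not OpenSSL code: a Python model of the two lookup strategies the question asks about, counting serial-number comparisons for a revoked entry and for the common case of a certificate that is not on the CRL. The function names and the randomly generated 128-bit serials are constructed for illustration.

```python
import random

def make_crl_serials(n, seed=1):
    """Constructed sample: n distinct 128-bit serials in arbitrary (file) order."""
    rng = random.Random(seed)
    serials = set()
    while len(serials) < n:
        serials.add(rng.getrandbits(128))
    ordered = list(serials)
    rng.shuffle(ordered)
    return ordered

def linear_lookup(revoked, serial):
    """Scan entries in file order; return (is_revoked, comparisons)."""
    for count, entry in enumerate(revoked, 1):
        if entry == serial:
            return True, count
    return False, len(revoked)  # a miss always touches every entry

def sorted_lookup(sorted_revoked, serial):
    """Binary search over a list sorted once after the CRL is loaded."""
    lo, hi, steps = 0, len(sorted_revoked), 0
    while lo < hi:
        mid = (lo + hi) // 2
        steps += 1
        if sorted_revoked[mid] == serial:
            return True, steps
        if sorted_revoked[mid] < serial:
            lo = mid + 1
        else:
            hi = mid
    return False, steps

def compare(n):
    """Comparison counts for a CRL with n revoked entries."""
    revoked = make_crl_serials(n)
    index = sorted(revoked)   # one-time O(n log n) cost per CRL load
    hit = revoked[-1]         # worst case for the linear scan
    absent = 1 << 130         # wider than 128 bits, so never in the list
    return {
        "linear_hit": linear_lookup(revoked, hit),
        "linear_miss": linear_lookup(revoked, absent),
        "sorted_hit": sorted_lookup(index, hit),
        "sorted_miss": sorted_lookup(index, absent),
    }

if __name__ == "__main__":
    for n in (1_000, 100_000):
        print(n, compare(n))
```

The miss case is the one to watch when sizing a CRL: a valid certificate costs the full length of the list under a linear scan, while the sorted lookup grows only with the logarithm of the number of revocations.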

