[gnutls-devel] CRLs

Kurt Roeckx kurt at roeckx.be
Wed Jun 4 18:25:09 CEST 2014


On Wed, Jun 04, 2014 at 05:45:40PM +0200, Nikos Mavrogiannopoulos wrote:
> On Wed, Jun 4, 2014 at 3:16 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> > On Wed, Jun 4, 2014 at 11:38 AM, Nikos Mavrogiannopoulos
> > <nmav at gnutls.org> wrote:
> >> However, to get further improvements an API change is required, i.e.,
> >> an iterator based function to read values for large sequences or sets
> >> that are read in a serialized way.
> > It seems that using the low-level API of libtasn1 could help. I've
> > managed to reduce to 1/3 of the running time using some caching, but
> > unfortunately it requires a new function as it would change the
> > semantics of gnutls_x509_crl_get_crt_serial(). Nevertheless the time
> > for the command
> > time ./certtool --outfile /dev/null --inder --crl-info < gsorganizationvalg2.crl
> > user    29m23.138s
> > when converted to gnutls_x509_crl_get_crt_serial2() reduces to:
> > user    9m10.781s
> 
> And that drops to one second using the libtasn1 from git.

That sound great.  Thanks.


Kurt




More information about the Gnutls-devel mailing list