What's the purpose of the CertificateSetItem (formerly known as ca_db_item) class?

Mikael Magnusson mikma264 at gmail.com
Tue Aug 7 22:41:24 CEST 2007


On Tue, Aug 07, 2007 at 11:47:44AM +0200, Mikael Svensson wrote:
> Hello
> 
> I am trying to figure out the purpose of the CertificateSetItem class. 
> Whenever a certificate is loaded by the OpenSSL or GNU TLS functions a 
> CertificateSetItem is created, keeping track of which certificate 
> directories or single certificates have been loaded. So far, so good.
> 
> However, it appears that the remove() function of the CertificateSet 
> class (formerly ca_db) removes the CertificateSetItem from the 
> certificate set but does not unload the actual certificate from memory. The 
> point being that a CertificateSet does not properly keep track of which 
> certificates *are actually used by OpenSSL/GNUTLS*, if 
> CertificateSetItems are removed from their CertificateSets.
> 
> My question is this: What is the use of the CertificateSetItem if they 
> only keep track of certificates and certificate directories that *have 
> been* loaded into memory, other than keeping track of which paths 
> should eventually be stored in the settings file!?
> 
> Or have I misunderstood something here?
> 

The gnutls implementation looks good, but OsslCertificateSet in the
openssl implementation should override remove().

/Mikael M.
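A minimal model of the mismatch discussed in this thread, as an added example that is not minisip code and not part of either message. `BackendStore`, `TrackedCertSet` and `RebuildingCertSet` are hypothetical names, and rebuilding the store inside an overridden `remove()` is one assumed way to keep the item list and the trusted set in agreement.

```cpp
#include <algorithm>
#include <set>
#include <string>
#include <vector>

// Stand-in for a TLS library trust store that only supports adding
// (hypothetical; not OpenSSL's or minisip's API).
struct BackendStore {
    std::set<std::string> trusted;
    void add(const std::string& cert) { trusted.insert(cert); }
    bool trusts(const std::string& cert) const { return trusted.count(cert) != 0; }
};

// Bookkeeping-only set: remove() drops the item but leaves the backend alone,
// which is the behaviour the question describes.
class TrackedCertSet {
public:
    virtual ~TrackedCertSet() = default;
    void addFile(const std::string& path) { items_.push_back(path); backend_.add(path); }
    virtual void remove(const std::string& path) {
        items_.erase(std::remove(items_.begin(), items_.end(), path), items_.end());
    }
    bool isListed(const std::string& path) const {
        return std::find(items_.begin(), items_.end(), path) != items_.end();
    }
    bool isTrusted(const std::string& path) const { return backend_.trusts(path); }
protected:
    std::vector<std::string> items_;
    BackendStore backend_;
};

// Override in the spirit of the reply: after removing the item, rebuild the
// backend from the items that remain so both views agree.
class RebuildingCertSet : public TrackedCertSet {
public:
    void remove(const std::string& path) override {
        TrackedCertSet::remove(path);
        backend_ = BackendStore{};
        for (const auto& p : items_) backend_.add(p);
    }
};

// True when a removed entry is no longer listed but is still trusted.
bool staleTrustAfterRemove(TrackedCertSet& certs) {
    certs.addFile("ca-a.pem");   // constructed sample paths
    certs.addFile("ca-b.pem");
    certs.remove("ca-a.pem");
    return !certs.isListed("ca-a.pem") && certs.isTrusted("ca-a.pem");
}
```

With the base class, a CA that has been removed from the set is still accepted during verification; with the overriding class it is not, while the remaining CA stays trusted.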



More information about the Minisip-devel mailing list