Combining certificate cache and root CA database?
Mikael Svensson
minisip at mikaelsvensson.info
Sat Jun 9 13:38:55 CEST 2007
Hello
As my thesis project will involve retrieving end-user certificates from
various Internet servers it will benefit greatly from some form of
certificate cache. As far as I know Minisip doesn't have certificate
cache at the moment...
...unless the root CA database can be considered a cache. Which I think
it can. My question is therefore: What about creating a more generic
certificate management class, similar to the ca_db class but with
additional support for end-user certificates and CRLs!?
My idea is to have the following classes and methods:
[ ca_db/CertDb ]
- MRef<certificate*> findCertificate(subject, issuer)
- void addDirectory(path, type)
- void addFile(path, type)
- void purgeCache()
etc.
[ ca_db_item/CertDbItem ]
- bool isSelfSigned()
- int expiryDate()
- bool isClr()
- bool isRootCACert()
- bool isEndUserCert()
- MRef<certificate*> getCertificate()
- string getIssuer()
- string getSubject()
etc.
Any thoughts on this? Is it better to extend the existing ca_db and
ca_db_item classes or should caching and CRL support be implemented in
entirely new classes?
Regards
Mikael Svensson
More information about the Minisip-devel
mailing list