On Tue, Aug 25, 1998, Dave Finnegan wrote:
> However, I was really looking to learn a bit more about
> what the hash files were for.
Oh sorry, I misunderstood you.
When SSLeay has to verify the client it has to check the client certificate
against the issuers certificate, i.e. SSLeay as to check if the client
certificate is signed by one of the known CAs. For this SSLeay usually would
have to check all configured CA certificates. When they are assembled in the
SSLCACertifcateFile that's easy and fast. But when they are staying around in
SSLCACertifcatePath as stand-alone files SSLeay would have to read all of
them. To speed up this processing SSLeay computes the hash (from the CA
certifcates subject I think) and tries to find it this way directly. That's
the reason why under SSLCACertificatePath the hash symlinks have to exist.
Greetings,
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com