[Info-vax] CA Cert database...
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Jul 3 13:09:40 EDT 2019
On 2019-07-03 15:10:32 +0000, Grant Taylor said:
> On 7/3/19 7:43 AM, Dennis Boone wrote:
>> I.e. run `openssl x509 -hash -noout -in something.crt` and make a
>> symlink (or copy) of the cert file named with the resulting string,
>> appending ".0".
>
> I get the reason for the hash, but does anyone know the reason for the
> .0 suffix? Is there a provision to allow multiple versions with other
> suffixes?
It's a provision for what are effectively hash collisions. Calculate
the hash for the arriving certificate, then look for the hash.0 file,
and check its contents. If the contents don't match, look for the
hash.1 file. Repeat. If no file and no match is found, punt.
--
Pure Personal Opinion | HoffmanLabs LLC
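
The hash.N probing described in the reply above, as an added example that is not part of the original thread and is not OpenSSL's own code. The function names, the optional third argument (a precomputed hash, so the functions can be exercised without a real certificate) and the byte-for-byte comparison with `cmp` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: hash.N probing in an OpenSSL-style hashed certificate directory.
# Assumption: "contents match" is a byte-for-byte comparison (cmp), so two
# encodings of the same certificate count as different files here.
# Usage (hypothetical paths): install_hashed something.crt /path/to/certs

# find_hashed CERT DIR [HASH]
# Print the hash.N path whose contents equal CERT; return 1 if there is none.
find_hashed() {
    cert=$1 dir=$2
    # Without a third argument, compute the hash as in the thread.
    hash=${3:-$(openssl x509 -hash -noout -in "$cert")} || return 2
    [ -n "$hash" ] || return 2
    n=0
    # Probe hash.0, hash.1, ... and stop at the first missing suffix.
    while [ -e "$dir/$hash.$n" ]; do
        if cmp -s "$cert" "$dir/$hash.$n"; then
            printf '%s\n' "$dir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    return 1    # no file left to try and no match: punt
}

# install_hashed CERT DIR [HASH]
# Copy CERT into DIR under the first free hash.N name, unless an identical
# file is already present under some suffix. Prints the path used.
install_hashed() {
    cert=$1 dir=$2
    hash=${3:-$(openssl x509 -hash -noout -in "$cert")} || return 2
    [ -n "$hash" ] || return 2
    if existing=$(find_hashed "$cert" "$dir" "$hash"); then
        printf '%s\n' "$existing"    # already installed; do not duplicate
        return 0
    fi
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        n=$((n + 1))
    done
    cp "$cert" "$dir/$hash.$n" && printf '%s\n' "$dir/$hash.$n"
}
```

Because the probe stops at the first missing suffix, deleting hash.0 while hash.1 remains hides hash.1 from this lookup; renumber the remaining files after removing one.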