31
edits
NSS libPKIX Brainstorming: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
*2 | *2 | ||
*... | *... | ||
==Performance Comparison== | |||
*Comparison was made between NSS current certificate verification (CERT_VerifyCertificate) and libPKIX (PKIX_BuildChain) functions with the following conditions: | |||
**Machine: amd 2 core opteron with Linux 2.6.16 | |||
**Chain contains three certificate. Leaf cert -> enterm CA -> trusted CA installed into the certificate db. | |||
**if lib ckbi is installed then nss will try to find a proper trust anchor among 106 trusted CA certs. | |||
**caches are primed with prior cert chain verification. | |||
**measurement is taken for 1000 tries. | |||
*Results: | |||
**(with lib ckbi is installed) | |||
*** libpkix: 720 microsec | nss code: 980 microsec | |||
**(without lib ckbi is installed) | |||
*** libpkix: 540 microsec | nss code: 840 microsec | |||
**Certificate traversal time for 106 certs with ckbi installed is around 2600 microseconds. | |||
==Identified Tasks== | ==Identified Tasks== | ||