

Re: some thoughts about

From: Daniel Stenberg
Date: Wed, 12 Nov 2014 00:07:13 +0100 (CET)

On Tue, 11 Nov 2014, Guenter wrote:

> now usually the download of the certdata.txt file is most of the script's
> execution time, while creating a new ca-bundle.crt takes only a second or
> two on nowadays' machines ...

The download time is of course also very different depending on network speeds
etc. It is really fast for me.

> at a minimum I would like to change the SHA1 checksum to MD5 since we don't
> use it here for security but only as checksum over certdata.txt; this would
> make the script more compatible with older Perl versions where Digest::SHA
> might not be part of the Perl core ...

Does it really matter if it is part of the core? I'm asking since I'm under
the impression this script is used on machines more "developy" and thus likely
to have the flexibility of extra perl packages. Maybe I'm wrong.

> more I would like to remove this checking completely, and just always
> create a fresh ca-bundle.crt and backup the old, as we did years ago; this
> checking makes no real sense to me since we have anyway already downloaded a
> fresh certdata.txt, and would probably only save a second execution time for
> creating a fresh ca-bundle.crt while we did already use 5 or more secs to
> download certdata.txt + time to create the checksum ...

Yeah, I wouldn't object much to such a change. I added the checksum thing
basically to maintain the former functionality so that the output wouldn't be
touched if there was no news (that's a feature I myself use and need in
scripting on my end) but you are of course right that there's also not much of
a speed benefit now.

But now when the check is there, what's the benefit of removing it? It does
alter the behavior of the script somewhat. Maybe we could just make it
conditional on an option to save me from having to edit my scripts too much?

Received on 2014-11-12