review.tizen.org Git - platform/upstream/gnutls.git/commit

author	Saurav Babu <saurav.babu@samsung.com>
	Tue, 7 Mar 2017 12:34:33 +0000 (18:04 +0530)
committer	Saurav Babu <saurav.babu@samsung.com>
	Mon, 3 Apr 2017 12:16:22 +0000 (17:46 +0530)
commit	8a8eda6f357dd3c4190d0369849b305fb18a50b6
tree	1bc0e30744796fd59fda8486b373f0231de39001	tree \| snapshot
parent	4397fa5f86e2ea1b02b833c04050f4bd4a6f3c5f	commit \| diff

[Upstream] x509: optimize subject alternative name access

That reads SAN and IAN early on import, significantly reducing
the running time of functions which iterate over the alternative
names of a certificate, e.g., gnutls_x509_crt_check_hostname().

https://gitlab.com/gnutls/gnutls/issues/165
gnutls_x509_crt_check_hostname2() is slow for certificates with many
subject alternative names

gnutls_x509_crt_check_hostname2() can be computationally expensive for
with certificates that contain a larger amount of subject alternative
names. E.g. the first certificate for polytimer.rocks has 944 entries.

gnutls_x509_crt_check_hostname2() repetitively calls
gnutls_x509_crt_get_subject_alt_name() until it finds an alternative
name that matches the specified hostname. In case of the certificate to
polytimer.rocks, this match occurs on the 648th try. It takes around 30
secs to find this match in case of Tizen Phone.

This patch is partially added in Tizen as base code in Tizen is
different from that of Upstream

Change-Id: Iaba3e4f251b3bc2860c125e9ece06f24acae5c08
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>

lib/x509/x509.c		diff \| blob \| history
lib/x509/x509_int.h		diff \| blob \| history