On 2009-06-03 07:02 PDT, David Stutzman wrote: > I have a DB that has just shy of 7000 keys/certs in it. From the > command line using certutil -L takes ~5 mins or so and then finally > starts showing output all at once after the delay. It ends up using > 80-90MB of ram (according to task manager). certutil -K, however, > starts listing keys right away with no delay, all 6957 of them.
This is Bug 433105: lg_searchKeys always must traverse all keys to find one See especially https://bugzilla.mozilla.org/show_bug.cgi?id=433105#c8 > Do you have an idea of a # that I should stay below to avoid this > behavior or have you not really tested this most likely not-too-common > case? I understand the development of NSS is directed primarily to the > need of the commercial organizations funding it and those server > products normally wouldn't have a need for ~7000 key/cert pairs. This is a problem with key3.db. It's not a problem with key4.db. (Or perhaps I should say, it's much much less of a problem with key4.db.) Since we want people to migrate to the new DBs anyway, fixing this problem with the key3.db is not going to be a high priority. I predict it will never be fixed for key3. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
