On Tue, 2016-03-08 at 18:22 +0530, varun naganathan wrote:
> I'm currently working to migrate the storage of certs to a hash table
> rather than a linked list which provides lookups at O(1) rather than
> the present lookup of O(n).
>
> The details of this behavior can be found in
> https://bugzilla.mozilla.org/show_bug.cgi?id=1253211
> Any alternate suggestions to improve and optimize the behavior are
> welcomed.

So fixing the nssPKIObjectCollection to use hash tables — one hashed
on the object uid and one on the instance (token/handle) — will be a
very good start. From discussion on IRC it looks like you're making
good progress on that.

But we still end up with the rather bizarre situation that things like
PK11_FindCertsFromEmailAddress() are invoking
NSSTrustDomain_TraverseCertificates() with their own callback
(e.g. FindCertsEmailCallback())... but we still end up building up
this huge nssPKIObjectCollection of *all* the certs that exist
anywhere, before we start to filter it down to only the ones we're
actually interested in.

So your hash table fixes are great, and they'll fix PK11_ListCerts()
to run in a sane amount of time. But I still find myself wondering why
the PK11_FindCertsFrom*() functions even *noticed* this issue. We
should apply the filter *before* building up the results in a
collection, surely?

-- 
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
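
The ordering question raised in the message above, as an added example that is not NSS code and not part of the original thread: a collection whose add does a linear duplicate scan (the list-style O(n) lookup) is filled either with every cert and filtered afterwards, or only with certs that already passed the filter. All types, function names and the sample store are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not NSS types: a cert record and a result collection. */
typedef struct { unsigned uid; const char *email; } Cert;
typedef struct { const Cert *items[16]; size_t count, cmps; } Collection;
typedef int (*CertFilter)(const Cert *c, void *arg);

static const Cert STORE[] = {   /* constructed sample data: "all certs anywhere" */
    {1, "alice@example.org"}, {2, "bob@example.org"},  {3, "alice@example.org"},
    {4, "carol@example.org"}, {5, "dave@example.org"}, {6, "erin@example.org"},
};
#define STORE_LEN (sizeof STORE / sizeof STORE[0])

static int email_matches(const Cert *c, void *arg) { return !strcmp(c->email, arg); }

/* List-style add: scan every existing entry for a duplicate uid, O(n) per add. */
static void collection_add(Collection *col, const Cert *c) {
    for (size_t i = 0; i < col->count; i++) {
        col->cmps++;                                 /* count uid comparisons */
        if (col->items[i]->uid == c->uid) return;    /* already collected */
    }
    if (col->count < 16) col->items[col->count++] = c;
}

/* Order described in the message: collect every cert, then filter the result. */
size_t collect_then_filter(CertFilter f, void *arg, Collection *col) {
    size_t kept = 0;
    for (size_t i = 0; i < STORE_LEN; i++) collection_add(col, &STORE[i]);
    for (size_t i = 0; i < col->count; i++)
        if (f(col->items[i], arg)) col->items[kept++] = col->items[i];
    return col->count = kept;
}

/* Suggested order: test each cert during traversal and collect only matches. */
size_t filter_then_collect(CertFilter f, void *arg, Collection *col) {
    for (size_t i = 0; i < STORE_LEN; i++)
        if (f(&STORE[i], arg)) collection_add(col, &STORE[i]);
    return col->count;
}

int main(void) {
    Collection a = {0}, b = {0};
    char who[] = "alice@example.org";   /* constructed query address */
    size_t na = collect_then_filter(email_matches, who, &a);
    size_t nb = filter_then_collect(email_matches, who, &b);
    printf("collect-then-filter: %zu matches, %zu comparisons\n", na, a.cmps);
    printf("filter-then-collect: %zu matches, %zu comparisons\n", nb, b.cmps);
}
```

Both orders return the same two certs; the comparison count grows quadratically with the store size in the first and only with the number of matches in the second.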
