> I'd consider an implementation of memcmp that doesn't early stop as soon

> as it sees a difference as completely broken, performance wise. Memcmp
> returns an ordered comparison but that can be done as soon as the first
> bit difference is seen.


Me too. But look at the ASN1 for a certificate. Given two certs, how far
down the chain are you first likely to see a difference? Use that as your
DER offset. That's why I suggested starting at the *end*. I should have
left out the part about starting at the beginning.

/r$

--
SOA Appliance Group
IBM Application Integration Middleware


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org