Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.2.7
    • Fix Version/s: EJBCA 6.2.8
    • Component/s: Protocols
    • Labels:
      None
    • Issue discovered during:
      Other

      Description

      Multiple small things in HsmResponseThread:
      1. Helper CertTools.convertToX509CertificateHolder(chain) can be used to avoid code duplication.
      2. Conversion should be done in constructor to as quickly as possible return the thread to the pool.
      3. Each HsmResponseThread allocates 20480 bytes via BC's BufferingContentSigner even though a response signed with 4K RSA key and one level chain is less than 2048 bytes. Lower this to at least 4096 bytes.

      (3: In high performance environments, the full OCSP response should in general be smaller than 1492 bytes to fit in a single Ethernet frame. If the system isn't optimized for this, then hitting the buffer limit might not be so important.)

        Attachments

          Activity

            People

            • Assignee:
              johan Johan Eklund
              Reporter:
              johan Johan Eklund
              Verified by:
              Mike Agrenius Kushner
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: