Feature proposal: Intermediate certificates cache #193

New Issue

adam · 2025-12-29T01:18:39+01:00

adam commented

2025-12-29 01:18:39 +01:00

Originally created by @rpv-tomsk on GitHub (Feb 7, 2017).

The walk_chain() requests certificates from remote server each time.
It can use local certificate copy instead.

Algo:

Get certificate issuer hash

ISSUER_HASH="$($OPENSSL x509 -in "${CERT}" -noout -issuer_hash)"

Check if we already have its local copy in cache
If have, use it, if no - download and store to cache (filename is formed as ${ISSUER_HASH}.crt).

The similar is implemented in cf368d3b71

Although that is much more important there in monitoring (it requested much more often than in renewal process).

What do you think about this feature?

Thanks for your tool.

Originally created by @rpv-tomsk on GitHub (Feb 7, 2017). The walk_chain() requests certificates from remote server each time. It can use local certificate copy instead. Algo: 1) Get certificate issuer hash `ISSUER_HASH="$($OPENSSL x509 -in "${CERT}" -noout -issuer_hash)"` 2) Check if we already have its local copy in cache 3) If have, use it, if no - download and store to cache (filename is formed as `${ISSUER_HASH}.crt`). The similar is implemented in https://github.com/matteocorti/check_ssl_cert/commit/cf368d3b71dc787c8449aae90d177efdc6d042a9 Although that is much more important there in monitoring (it requested much more often than in renewal process). What do you think about this feature? Thanks for your tool.

adam closed this issue

2025-12-29 01:18:40 +01:00

adam commented

2025-12-29 01:18:40 +01:00

@lukas2511 commented on GitHub (Jul 10, 2017):

Implemented in d685463673, thanks for the suggestion.

@lukas2511 commented on GitHub (Jul 10, 2017): Implemented in d685463673919ba4f9d2035d021293f241a66055, thanks for the suggestion.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#193