can repository reliably convert between PEM and DER?
[I'm not sure if this goes into -users or -dev since the implementation
uses the openssl library, not the command-line tools.]
Can a certificate repository freely convert between PEM and DER formats?
I thought they were simple transcriptions, but I'm not sure since I'm
having problems with a trusted cert PEM -> DER -> PEM translation. Maybe
I'm just missing a function that tells me whether the X509 object is
trusted and should use the trusted output function?
There are two reasons for the question. The first is simple consistency
-- the software can be a lot simpler and more reliable if it knows that
everything is stored in a single format.
The second is efficiency -- a DER certificate takes up less physical space
and that can have an effect on paging performance. (Obviously the sheer
number of certs won't be a problem for anyone other than major CAs.) On
the other hand the cost of translating from DER to PEM for 99% of all
requests may offset any gains from fitting an extra cert or two into each
(FWIW this question relates to a user-defined type in a relational
database, not individual files or a Berkeley DB file.)