OpenSSL SSL_CTX_set_default_verify_paths Slow
Michael Richardson
mcr at sandelman.ca
Mon Sep 27 14:33:03 UTC 2021
Jay Foster <jayf0ster at roadrunner.com> wrote:
> While migrating some applications from OpenSSL 1.0.2 (and 1.1.1) to
> 3.0.0, I have noticed that the SSL_CTX_set_default_verify_paths()
> function is much slower in 3.0.0. In 1.0.0 it would take about 0.1
> seconds and in 3.0.0 it takes over 3 seconds.
Based upon your straces, the time is spend in the OS.
Are you running this on the same system?
That's still very slow... I wonder if you have a failing disk.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210927/4c7d4af9/attachment.sig>
More information about the openssl-users
mailing list