Performance improvement proposal
From: Paolo De Santis
Subject: Performance improvement proposal
Date: Mon, 30 Sep 2024 23:46:55 +0200
Hello,
After upgrading from openssl 1.x to 3.x, I've seen significant performance
degradation in a particular scenario where wget was used to perform
multiple HEAD requests, targeting a server with a self-signed certificate,
thus using the option "--check-certificate=quiet". That led me to dig a bit
deeper and find an open issue
<https://github.com/openssl/openssl/issues/18814>, regarding the speed of
"SSL_CTX_load_verify_locations" in openssl 3.x. As a workaround, when the
user requests that the certificate not be checked at all, I'd propose to
skip loading the CA certificates, thus avoiding unnecessary function calls
(proposed implementation in "skip-ca-loading.patch").
In addition, when the user sets the quiet flag "-q" and, at the same time,
uses the option "--no-check-certificate", I believe the program should
behave as if the user had set "--check-certificate=quiet", because the
warning would not be printed anyway (proposed implementation in
"quiet-cert-check.patch").
Feel free to contact me if you want to discuss these possible changes
further.
Thanks for your work! Have a great day!
--
Paolo De Santis
skip-ca-loading.patch
Description: Binary data
quiet-cert-check.patch
Description: Binary data
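
The two proposals in this message, modelled as an added example (not the attached patches and not wget's own code, which is C): Python's `ssl` module wraps the same OpenSSL context, and the mode names and function names here are hypothetical stand-ins for wget's `--check-certificate` settings and `-q`.

```python
import ssl
import time

# Hypothetical mode names standing in for wget's --check-certificate values:
# ON = verify and fail, WARN = --no-check-certificate, QUIET = =quiet.
ON, WARN, QUIET = "on", "warn", "quiet"


def effective_mode(check_certificate: str, quiet_flag: bool) -> str:
    """Second proposal: -q with --no-check-certificate behaves like 'quiet',
    because the warning would never be printed."""
    if check_certificate == WARN and quiet_flag:
        return QUIET
    return check_certificate


def build_context(mode: str) -> ssl.SSLContext:
    """First proposal: load the CA store only when its result is used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if mode == QUIET:
        # The verification result is never consulted, so the (slow) CA load
        # is skipped. The peer is unauthenticated in this mode.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    # ON and WARN need trust anchors to evaluate the peer's chain.
    ctx.load_default_certs()
    if mode == WARN:
        # OpenSSL still evaluates the chain under SSL_VERIFY_NONE on the
        # client side (SSL_get_verify_result); Python does not expose that
        # result, so this model only shows that the store stays loaded.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def time_builds(mode: str, n: int = 20) -> float:
    """Seconds spent creating n contexts, one per simulated request."""
    start = time.perf_counter()
    for _ in range(n):
        build_context(mode)
    return time.perf_counter() - start


if __name__ == "__main__":
    for mode in (ON, effective_mode(WARN, quiet_flag=True)):
        print(f"{mode:5s} {time_builds(mode):.4f}s for 20 contexts")
```

Running the file prints the context-setup time for the verifying mode next to the quiet mode; the gap depends on the local OpenSSL version and trust store size.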