On 9/27/21 7:33 AM, Michael Richardson wrote:
Jay Foster <jayf0ster@xxxxxxxxxxxxxx> wrote:
> While migrating some applications from OpenSSL 1.0.2 (and 1.1.1) to
> 3.0.0, I have noticed that the SSL_CTX_set_default_verify_paths()
> function is much slower in 3.0.0. In 1.0.0 it would take about 0.1
> seconds and in 3.0.0 it takes over 3 seconds.

Based upon your straces, the time is spent in the OS. Are you running this on the same system?
Exact same machine.
That's still very slow... I wonder if you have a failing disk.
I don't think so. The file system is a UBIFS on nand flash, and it works with 1.0.2 and 1.1.1. Even 1.1.1 is a *little* bit slower than 1.0.2, but nowhere near as much slower as 3.0.0.
It looks like the OpenSSL library is reading the cert.pem file in 4KB blocks at a time and doing some processing on the data read. It appears that this processing is what is taking longer.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [
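One way to separate the two explanations raised in this thread (slow storage versus slow processing of the bundle), as an added example that is not part of the original messages: it times a raw 4 KB-block read of the default CA bundle and, separately, the whole `set_default_verify_paths()` call. It assumes Python's `ssl` module is linked against the OpenSSL build being investigated; the function names `read_in_blocks`, `time_default_verify_paths` and `report` are hypothetical helpers.

```python
import os
import ssl
import statistics
import time

BLOCK = 4096  # block size of the reads described in the thread


def read_in_blocks(path, block=BLOCK):
    """Read a file in fixed-size blocks; return (bytes_read, blocks, seconds)."""
    total = blocks = 0
    start = time.perf_counter()
    with open(path, "rb", buffering=0) as fh:  # unbuffered: one read() per block
        while True:
            chunk = fh.read(block)
            if not chunk:
                break
            total += len(chunk)
            blocks += 1
    return total, blocks, time.perf_counter() - start


def time_default_verify_paths(runs=5):
    """Median seconds for set_default_verify_paths() on a fresh context,
    plus the number of certificates that ended up in the store."""
    samples, loaded = [], 0
    for _ in range(runs):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        start = time.perf_counter()
        ctx.set_default_verify_paths()  # wraps SSL_CTX_set_default_verify_paths()
        samples.append(time.perf_counter() - start)
        loaded = ctx.cert_store_stats()["x509"]
    return statistics.median(samples), loaded


def report():
    """Compare raw I/O time with total load time for the default CA bundle."""
    cafile = ssl.get_default_verify_paths().cafile  # None if no bundle exists
    load_s, certs = time_default_verify_paths()
    out = {"openssl": ssl.OPENSSL_VERSION, "cafile": cafile,
           "load_s": load_s, "certs": certs, "read_s": None, "bytes": None}
    if cafile and os.path.isfile(cafile):
        # Runs after the loads above, so the file is already in the page cache.
        out["bytes"], _, out["read_s"] = read_in_blocks(cafile)
    return out


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:8} {value}")
```

If `load_s` is far larger than `read_s` with the file already cached, the time is going into parsing the bundle rather than into the storage device. Certificates under the `capath` directory are looked up on demand and do not appear in `certs`.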