tl;dr importing golang.org/x/crypto/x509roots/fallback adds ~8ms to the 
startup time of every program or library that imports it. I would like this 
cost to be zero and would be happy to contribute a fix.

Running the following program:

    package main
    import _ "golang.org/x/crypto/x509roots/fallback"
    func main() {}

with the command:

    $ go build -o tmp main.go
    $ GODEBUG=inittrace=1 ./tmp |& awk '{print $5, $6, $2}' | sort -n | 
tail -n 3
    0.043 ms internal/godebug
    0.052 ms runtime
    8.8 ms golang.org/x/crypto/x509roots/fallback

shows that golang.org/x/crypto/x509roots/fallback adds an 9ms start-up cost 
on a fast CPU (AMD Ryzen 8700G). This cost is paid whether or not the 
fallback X.509 certificates are used or not.

>From looking at the code 
<https://go.googlesource.com/crypto/+/refs/tags/v0.37.0/x509roots/fallback/>, 
it seems that the CPU is cost is due to parsing about 150 certificates in 
.PEM format in the package's unskippable init function.

The obvious, easy, backwards-compatible fix would be to parse the .PEM 
files while executing the template that generates bundle.go, instead of 
parsing them every time at startup.

Would you accept a CL to fix this?

Tom

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/golang-nuts/d9258786-72c2-47ee-bad3-de6934ff5f80n%40googlegroups.com.

Reply via email to