On 9/27/21 7:33 AM, Michael Richardson wrote:
Jay Foster <jayf0s...@roadrunner.com> wrote: > While migrating some applications from OpenSSL 1.0.2 (and 1.1.1) to > 3.0.0, I have noticed that the SSL_CTX_set_default_verify_paths() > function is much slower in 3.0.0. In 1.0.0 it would take about 0.1 > seconds and in 3.0.0 it takes over 3 seconds.Based upon your straces, the time is spend in the OS. Are you running this on the same system?
Exact same machine.
That's still very slow... I wonder if you have a failing disk.
I don't think so. The file system is a UBIFS on nand flash, and it works with 1.0.2 and 1.1.1. Even 1.1.1 is a *little* bit slower than 1.0.2, but nowhere near as much slower as 3.0.0.
It looks like the OpenSSL library is reading the cert.pem file in 4KB blocks at a time and doing some processing on the data read. It appears that this processing is what is taking longer.
-- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
