Closed
Bug 51425
Opened 24 years ago
Closed 24 years ago
Enhance performance of ssl_DupSocket
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
3.0.1
People
(Reporter: nelson, Assigned: nelson)
References
Details
Christian Kaiser found that a large percentage of the time spent in handling an SSL server socket was spent in the PR_Accept call. PR_Accept calls ssl_accept, which calls ssl_DupSocket, which calls CERT_CertChainFromCert(), which takes a LONG time.

This begs the question: Why does CERT_CertChainFromCert() take SO LONG?? But it also begs the question: why look up the cert chain for the same server cert over and over? Why not just duplicate the CERTCertificateList in the listen socket? Or, better yet, why not reference count that CERTCertificateList and just bump the ref count?

I've looked at this briefly. I'm confident that the CERTCertificateList can be duplicated with MUCH less work than building it by looking up the chain again. I have coded a function to duplicate the CERTCertificateList, and am waiting for another bug to be fixed before I can test my change. I need to study all the code that uses the CERTCertificateList structs before I'll know if ref counting will work.
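The two options weighed in the description above, deep-copying the certificate list versus reference counting it, as an added example (not the NSS code and not the checked-in fix). `Item`, `CertList` and the `certlist_*` functions are hypothetical, simplified stand-ins for the NSS types, and the atomic counter is an assumption for a multi-threaded accept path.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not the NSS type definitions. */
typedef struct { unsigned char *data; size_t len; } Item;
typedef struct { Item *certs; int len; atomic_int refs; } CertList;

/* Drop one reference; free on the last one. Returns references left. */
int certlist_release(CertList *l) {
    int left = atomic_fetch_sub(&l->refs, 1) - 1;
    if (left > 0) return left;
    for (int i = 0; i < l->len; i++) free(l->certs[i].data);
    free(l->certs);
    free(l);
    return 0;
}

/* Option 1, deep copy: one malloc+memcpy per cert, no chain lookup. */
CertList *certlist_dup(const CertList *src) {
    CertList *dst = calloc(1, sizeof *dst);
    if (!dst) return NULL;
    atomic_init(&dst->refs, 1);
    dst->certs = calloc(src->len > 0 ? (size_t)src->len : 1, sizeof *dst->certs);
    if (!dst->certs) { free(dst); return NULL; }
    for (int i = 0; i < src->len; i++) {
        size_t n = src->certs[i].len;
        if (!(dst->certs[i].data = malloc(n ? n : 1))) { certlist_release(dst); return NULL; }
        memcpy(dst->certs[i].data, src->certs[i].data, n);
        dst->certs[i].len = n;
        dst->len = i + 1;  /* so a later failure frees only what exists */
    }
    return dst;
}

/* Option 2, share: O(1), but every ref needs a matching release. */
CertList *certlist_ref(CertList *l) { atomic_fetch_add(&l->refs, 1); return l; }

int main(void) {
    /* Constructed placeholder bytes, not real DER certificates. */
    unsigned char leaf[] = {0x30, 0x03, 0x01, 0x02, 0x03}, ca[] = {0x30, 0x02, 0x0a, 0x0b};
    Item items[] = {{leaf, sizeof leaf}, {ca, sizeof ca}};
    CertList listener = {items, 2, 1};            /* stack-owned source list */
    CertList *copy = certlist_dup(&listener);     /* per-connection deep copy */
    if (!copy) return 1;
    CertList *shared = certlist_ref(copy);        /* second holder, same memory */
    int ok = shared == copy && copy->certs[0].data != leaf && certlist_release(shared) == 1;
    return (ok && certlist_release(copy) == 0) ? 0 : 1;
}
```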
Updated (Assignee) • 24 years ago
Status: NEW → ASSIGNED
Comment 2 (Assignee) • 24 years ago
Fixed by these checkins:

/cvsroot/mozilla/security/nss/lib/certdb/cert.h,v <-- cert.h
new revision: 1.3; previous revision: 1.2
/cvsroot/mozilla/security/nss/lib/certhigh/certhigh.c,v <-- certhigh.c
new revision: 1.3; previous revision: 1.2
/cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v <-- sslsock.c
new revision: 1.3; previous revision: 1.2

However, I'm going to leave this bug open because I want to investigate an even better fix, namely ref counting (instead of duplicating) the CERTCertificateList.
Target Milestone: 3.0 → 3.1
Comment 4 (Assignee) • 24 years ago
I'm marking this fixed, now that the fix has gone into 3.0.1.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED