tl;dr importing golang.org/x/crypto/x509roots/fallback adds ~8ms to the
startup time of every program or library that imports it. I would like this
cost to be zero and would be happy to contribute a fix.
Running the following program:
package main
import _ "golang.org/x/crypto/x509roots/fallback"
func main() {}
with the command:
$ go build -o tmp main.go
$ GODEBUG=inittrace=1 ./tmp |& awk '{print $5, $6, $2}' | sort -n |
tail -n 3
0.043 ms internal/godebug
0.052 ms runtime
8.8 ms golang.org/x/crypto/x509roots/fallback
shows that golang.org/x/crypto/x509roots/fallback adds an 9ms start-up cost
on a fast CPU (AMD Ryzen 8700G). This cost is paid whether or not the
fallback X.509 certificates are used or not.
>From looking at the code
<https://go.googlesource.com/crypto/+/refs/tags/v0.37.0/x509roots/fallback/>,
it seems that the CPU is cost is due to parsing about 150 certificates in
.PEM format in the package's unskippable init function.
The obvious, easy, backwards-compatible fix would be to parse the .PEM
files while executing the template that generates bundle.go, instead of
parsing them every time at startup.
Would you accept a CL to fix this?
Tom
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/golang-nuts/d9258786-72c2-47ee-bad3-de6934ff5f80n%40googlegroups.com.
