-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Loading native certs takes 300ms on OS X #30
Comments
Thanks for the detailed report! I don't presently have a mac to make progress on this, do you have any suggestions of improvements we can make here? It looks from the flamegraph that ~all the time is in required security framework calls, which makes me think this is another good argument for taking a different approach to the goals of this crate, as mentioned in #25 |
It might make more sense to file an issue against the security-framework crate, since ~all the work is being done in that crate anyway. |
Based on the discussion above and the progress made on https://github.com/rustls/rustls-platform-verifier I think we should close this issue. If performance on MacOS is still a problem for this crate I would encourage you to file an issue against https://github.com/kornelski/rust-security-framework, we can pull in any performance improvements that are made downstream. |
Hi @rcoh , I am having the same problem on a MacOS dev environment. Have you reported this issue on https://github.com/kornelski/rust-security-framework or were you able to find a workaround? Thanks |
I believe we "fixed" it by loading certs in lazy static so it only happened once |
@mdecimus have you considered trying rustls-platform-verifier as suggested above? |
@djc I don't have that option as in my case the slowdown was caused by |
For what it's worth, you can use |
Mac Native TLS takes a long time to load. rustls/rustls-native-certs#30 This is an issue as some git operations spawn (sequentially) a large number of git-xet subprocesses. This switches reqwest to using an embedded Mozilla certificate roots. (webpki-roots crate)
Mac Native TLS takes a long time to load. rustls/rustls-native-certs#30 This is an issue as some git operations spawn (sequentially) a large number of git-xet subprocesses. This switches reqwest to using an embedded Mozilla certificate roots. (webpki-roots crate). This reduces push time by about 33%.
I'm looking into rust-platform-verifier—seems like it's not actually on crates.io though? |
That's correct. We're tracking tasks for an initial release here. |
Loading native certs on OS X takes 300ms:
flamegraph.pdf
Apologies for the PDF flamegraph, GitHub is blocking SVGs.
For comparison, the crate
native-tls
only takes 100ms to load TLS certs & connect to google over HTTPS, so it seems like it should definitely be possible to improve:Cargo tree
The text was updated successfully, but these errors were encountered: