[sr-dev] [kamailio/kamailio] load_crl takes 90 seconds to complete it execution with large (multi-megabyte) crl file size (#2312)

maheshb2487 notifications at github.com
Wed May 13 12:19:26 CEST 2020


Agreed @miconda , Your input and guidance on the below is needed

>From the code, each profile inside tls.cfg maps to this data structure tls_domain_t, which contains SSL_CTX** ctx; and this is an array of the child tcp process list.

What was the reason to keep it an array list, if am populating the same data to each and every member of the array list ? only one context would have been sufficient instead of an array of context inside tls_domain_t ?

Am just trying to understand what prompted to keep it as an array list of ssl_ctx, instead of a single ssl_ctx. So that could get to know the bigger picture of it and then think of how to resolve it and test it on my setup.

The problem is clear, running the for loop for the tcp child process list for each profile , is consuming time.

why is it SSL_CTX** ctx array, and not just SSL_CTX *ctx , if all the array elements contain the same information.

If you say , SSL_CTX has to be an array though it contains the same value in each item of the array for some design reason - it needs a deeper study on the tls module from my side on how to solve the problem. (Just a guess, probably spawn threads to run them parallely, instead of a single thread doing it)

If you say, SSL_CTX can be just a pointer, it looks like a straight forward problem to resolve.

Regards,
Mahesh.B




-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2312#issuecomment-627891390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20200513/2d0f9c96/attachment.html>


More information about the sr-dev mailing list