ssl: reuse *tls.Config if connection settings are identical #1033
Conversation
kevinburke1
force-pushed
the
hash-tls-config
branch
from
9449587
to
5e685a0
Compare
Previously, we would reload and re-parse a certificate from disk every single time we initialized a connection and the sslrootcert setting was enabled. This results in a lot of allocations that can be avoided. Instead, save the *tls.Config for a given configuration hash, and reuse it when we see it again. Fixes lib#1032.
kevinburke1
force-pushed
the
hash-tls-config
branch
from
5e685a0
to
11ecdbf
Compare
There was a problem hiding this comment.
Looks reasonable, however there is a potential issue with certain parameter values that would result in two instances being stored (one with the original value, one with the deleted values). See also #1031
| hash := string(o.Hash()) | ||
| // This pseudo-parameter is not recognized by the PostgreSQL server, so let's delete it after use. | ||
| configMapMu.Lock() | ||
| conf, ok := configMap[hash] |
There was a problem hiding this comment.
The hash can change due to delete(o, "sslrootcert") and delete(o, "sslinline") below.
Edit: Actually, delete(o, "sslinline") got removed in #1035.
|
Unless I'm missing something, this looks like it would result in a stale certificate staying in memory until your program is restarted. I don't know if it would be appropriate to register a SIGHUP handler in a library to drop the cache, but that would be preferable to needing to restart the service. Or maybe we could still stat() the file on connect time and re-parse if mtime is newer than what we have cached? |
Previously, we would reload and re-parse a certificate from disk every
single time we initialized a connection and the sslrootcert setting
was enabled. This results in a lot of allocations that can be avoided.
Instead, save the *tls.Config for a given configuration hash, and
reuse it when we see it again.
Fixes #1032.