On Thu, 30 Jun 2016, Tor Arntsen wrote:
Yes, it's exactly the same tests as we've been doing. This is the Debian
curl package, seems to be gnutls:
This seems to be something about how the Debian curl or libcurl are built.
Here's comparing debian 7.47.0 curl vs my own local 7.50.0-DEV build, both
using the exact same GnuTLS version 3.4.13:
$ time curl --tcp-nodelay -s -o/dev/null https://www.google.com/a.html
real 0m0.102s
user 0m0.076s
sys 0m0.008s
$ time ./src/curl --tcp-nodelay -s -o/dev/null https://www.google.com/a.html
real 0m0.036s
user 0m0.016s
sys 0m0.004s
Specifically, it seems to be about how it finds the CA certs and reading them.
I run strace -tt on the debian build and my own build and compare:
My build:
$ grep BEGIN my-strace-log
18:47:44.950234 read(5, "-----BEGIN CERTIFICATE-----\nMIIE"..., 270336) =
The Debian build:
$ grep -c BEGIN debian-strace-log
525
See, it reads no less than 525 separate files. No wonder that takes time. How
much time? I think most of the extra time can be explained by this:
$ grep BEGIN debian-strace-log | head -1
18:47:12.015910 read(5, "-----BEGIN CERTIFICATE-----\nMIIE"..., 270336) =
$ grep BEGIN debian-strace-log | tail -1
18:47:12.149284 read(6, "-----BEGIN CERTIFICATE-----\nMIIF"..., 4096) = 1948
In this invoke over 130 milliseconds just to finnish reading the CA certs! (I
assume the slightly slower execution here is due to the stracing itself)
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
