OpenSSLv3 - loading certificates is much slower than previous versions #16871
Description
Recreated on Linux x64 and Windows x64 with Node.js 17 that uses OpenSSL v3
Node.js provides the option to add extra certificates. When this is done the certificates are loaded using PEM_read_bio_X509 as follows:
if (root_certs_vector.empty() &&
per_process::cli_options->ssl_openssl_cert_store == false) {
for (size_t i = 0; i < arraysize(root_certs); i++) {
X509* x509 =
PEM_read_bio_X509(NodeBIO::NewFixed(root_certs[i],
strlen(root_certs[i])).get(),
nullptr, // no re-use of X509 structure
NoPasswordCallback,
nullptr); // no callback data
// Parse errors from the built-in roots are fatal.
CHECK_NOT_NULL(x509);
root_certs_vector.push_back(x509);
}
}
This seems to be much slower in OpenSSL v3 (which is what was pulled into Node.js 17) versus earlier versions. Loading extra certificates seems to add 60 or more milliseconds (will vary by machine) than it did before. Since startup time is only 40ms on the same machine without extra certificates going from 40 to over 100ms is pretty significant.
Is this a known issue or expected? I searched through github and the release notes but I've not been able to find anything that might explain or suggest this would be expected.