Bug 1667121 - performance regression in libcurl caused by the use of PK11_CreateManagedGenericObject() [rhel-7.6.z]
Summary: performance regression in libcurl caused by the use of PK11_CreateManagedGene...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss-pem
Version: 7.6
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Kamil Dudka
QA Contact: Daniel Rusek
Depends On: 1659108
TreeView+ depends on / blocked
Reported: 2019-01-17 14:11 UTC by RAD team bot copy to z-stream
Modified: 2019-03-13 18:45 UTC (History)
2 users (show)

Fixed In Version: nss-pem-1.0.3-5.el7_6.1
Doc Type: Bug Fix
Doc Text:
Cause: libcurl started to use the PK11_CreateManagedGenericObject() function from NSS (Network Security Services) in RHEL-7.6 to reduce memory consumption while loading certificates from files. Consequence: This caused a severe performance regression in nss-pem because an internal array of pointers to internal objects started to grow per each load of a certificate. As the array is looked up sequentially, it resulted in excessive CPU usage and unacceptable delays in libcurl connections over TLS. Fix: The internal array has been replaced by a linked list, which allows to remove arbitrary nodes in a constant amount of time. Result: PK11_CreateManagedGenericObject() can now be used without any measurable performance penalty.
Clone Of: 1659108
Last Closed: 2019-03-13 18:45:07 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0500 0 None None None 2019-03-13 18:45:08 UTC

Description RAD team bot copy to z-stream 2019-01-17 14:11:32 UTC
This bug has been copied from bug #1659108 and has been proposed to be backported to 7.6 z-stream (EUS).

Comment 7 errata-xmlrpc 2019-03-13 18:45:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.