mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
bfc1261ab6
(from patchset 1, c12c890c64dd6372b3893af1e6f5ab11802c9e81, of https://go-review.googlesource.com/c/go/+/230025/1, with merges fixes due to parent commit's differents from its ps1..ps3) Instead of parsing the PEM files and then storing the *Certificate values forever, still parse them to see if they're valid and pick out some fields, but then only store the decoded pem.Block.Bytes until that cert is first needed. Saves about 500K of memory on my (Debian stable) machine after doing a tls.Dial or calling x509.SystemCertPool. A more aggressive version of this is still possible: we can not keep the pem.Block.Bytes in memory either, and re-read them from disk when necessary. But dealing with files disappearing and even large multi-cert PEM files changing (with offsets sliding around) made this conservative version attractive. It doesn't change the slurp-roots-on-startup semantics. It just does so with less memory retained. Change-Id: I3aea333f4749ae3b0026042ec3ff7ac015c72204 |
||
---|---|---|
.. | ||
testdata | ||
cert_pool.go | ||
example_test.go | ||
name_constraints_test.go | ||
pem_decrypt_test.go | ||
pem_decrypt.go | ||
pkcs1.go | ||
pkcs8_test.go | ||
pkcs8.go | ||
root_aix.go | ||
root_bsd.go | ||
root_cgo_darwin.go | ||
root_darwin_arm64.go | ||
root_darwin_arm_gen.go | ||
root_darwin_test.go | ||
root_darwin.go | ||
root_js.go | ||
root_linux.go | ||
root_nocgo_darwin.go | ||
root_omit_test.go | ||
root_omit.go | ||
root_plan9.go | ||
root_solaris.go | ||
root_unix_test.go | ||
root_unix.go | ||
root_windows.go | ||
root.go | ||
sec1_test.go | ||
sec1.go | ||
test-file.crt | ||
verify_test.go | ||
verify.go | ||
x509_test_import.go | ||
x509_test.go | ||
x509.go |