tailscale/tempfork/x509
Brad Fitzpatrick bfc1261ab6 crypto/x509: keep smaller root cert representation in memory until needed
(from patchset 1, c12c890c64dd6372b3893af1e6f5ab11802c9e81, of
https://go-review.googlesource.com/c/go/+/230025/1, with merges fixes
due to parent commit's differents from its ps1..ps3)

Instead of parsing the PEM files and then storing the *Certificate
values forever, still parse them to see if they're valid and pick out
some fields, but then only store the decoded pem.Block.Bytes until
that cert is first needed.

Saves about 500K of memory on my (Debian stable) machine after doing a
tls.Dial or calling x509.SystemCertPool.

A more aggressive version of this is still possible: we can not keep
the pem.Block.Bytes in memory either, and re-read them from disk when
necessary. But dealing with files disappearing and even large
multi-cert PEM files changing (with offsets sliding around) made this
conservative version attractive. It doesn't change the
slurp-roots-on-startup semantics. It just does so with less memory
retained.

Change-Id: I3aea333f4749ae3b0026042ec3ff7ac015c72204
2020-04-24 21:27:48 -07:00
..
testdata Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
cert_pool.go crypto/x509: keep smaller root cert representation in memory until needed 2020-04-24 21:27:48 -07:00
example_test.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
name_constraints_test.go crypto/x509: add support for CertPool to load certs lazily 2020-04-24 21:27:48 -07:00
pem_decrypt_test.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
pem_decrypt.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
pkcs1.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
pkcs8_test.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
pkcs8.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_aix.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_bsd.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_cgo_darwin.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_darwin_arm64.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_darwin_arm_gen.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_darwin_test.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_darwin.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_js.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_linux.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_nocgo_darwin.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_omit_test.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_omit.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_plan9.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_solaris.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root_unix_test.go crypto/x509: add support for CertPool to load certs lazily 2020-04-24 21:27:48 -07:00
root_unix.go crypto/x509: add support for CertPool to load certs lazily 2020-04-24 21:27:48 -07:00
root_windows.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
root.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
sec1_test.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
sec1.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
test-file.crt Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
verify_test.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
verify.go crypto/x509: add support for CertPool to load certs lazily 2020-04-24 21:27:48 -07:00
x509_test_import.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00
x509_test.go crypto/x509: add support for CertPool to load certs lazily 2020-04-24 21:27:48 -07:00
x509.go Add fork of Go 1.15-dev's crypto/x509 2020-04-24 20:19:41 -07:00