crypto/tls: cache peerCerts across client connections #52202

moredure · 2022-04-07T10:52:03Z

(client) Is it possible to cache provided certificates certs := make([]*x509.Certificate, len(certificates)) across different connections to the same server ?

// verifyServerCertificate parses and verifies the provided chain, setting
// c.verifiedChains and c.peerCertificates or sending the appropriate alert.
func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
	certs := make([]*x509.Certificate, len(certificates))
	for i, asn1Data := range certificates {
		cert, err := x509.ParseCertificate(asn1Data)
		if err != nil {
			c.sendAlert(alertBadCertificate)
			return errors.New("tls: failed to parse certificate from server: " + err.Error())
		}
		certs[i] = cert
	}

The text was updated successfully, but these errors were encountered:

moredure · 2022-04-07T18:46:02Z

Looks like I am not the first with this thing
I just emptied connection PeerCertificates and VerifiedChains with nils after connection and it's good to go -20% in-use memory!

moredure added the Proposal label Apr 7, 2022

moredure closed this as completed Apr 7, 2022

golang locked and limited conversation to collaborators Apr 10, 2023

gopherbot added the FrozenDueToAge label Apr 10, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto/tls: cache peerCerts across client connections #52202

crypto/tls: cache peerCerts across client connections #52202

moredure commented Apr 7, 2022 •

edited

moredure commented Apr 7, 2022 •

edited

crypto/tls: cache peerCerts across client connections #52202

crypto/tls: cache peerCerts across client connections #52202

Comments

moredure commented Apr 7, 2022 • edited

moredure commented Apr 7, 2022 • edited

moredure commented Apr 7, 2022 •

edited

moredure commented Apr 7, 2022 •

edited