Cache cert verification methods (#871)

* cache cert verification CheckSignature and Verify are expensive methods, and certificates are static. Cache the results. * use atomics * make sure public key bytes match * add VerifyWithCache and ResetCache * cleanup * use VerifyWithCache * doc
2026-02-15 09:14:23 +01:00 · 2023-05-17 10:14:26 -04:00
parent eb9f22a8fa
commit 9a7ed57a3f
3 changed files with 79 additions and 5 deletions
--- a/connection_manager.go
+++ b/connection_manager.go
@@ -427,7 +427,7 @@ func (n *connectionManager) isInvalidCertificate(now time.Time, hostinfo *HostIn
 		return false
 	}

-	valid, err := remoteCert.Verify(now, n.intf.caPool)
+	valid, err := remoteCert.VerifyWithCache(now, n.intf.caPool)
 	if valid {
 		return false
 	}