Skip to content
This repository was archived by the owner on Dec 18, 2018. It is now read-only.

Delay loading the default development certificate #2422

Closed
Tratcher opened this issue Mar 23, 2018 · 5 comments
Closed

Delay loading the default development certificate #2422

Tratcher opened this issue Mar 23, 2018 · 5 comments
Assignees
@Tratcher
Labels
3 - Done cost: S Will take up to 2 days to complete enhancement perf
Milestone
2.1.0-rc1

Comments

@Tratcher
Copy link
Member

Today Kestrel first tries to load the default development certificate and assign that to all new HttpsConnectionAdapterOptions.ServerCertificate.

This shows up as a measurable % of startup time. It also causes log noise.

It also causes additional complexities with the new SNI support were the cert and the cert selector are mutually exclusive. This may need to get refactored as part of #2357
@Tratcher Tratcher self-assigned this Mar 23, 2018
@muratg muratg added this to the 2.1.0 milestone Mar 27, 2018
@muratg
Copy link
Contributor

muratg commented Mar 28, 2018

Costing?

@Tratcher Tratcher added the cost: S Will take up to 2 days to complete label Mar 28, 2018
@Tratcher Tratcher mentioned this issue Mar 30, 2018
Merged
@davidfowl
Copy link
Member

Once we have the SNI callback then we can use it here.

@Tratcher
Copy link
Member Author

Tratcher commented Apr 1, 2018

No, this is later than we'd want, and invoked per connection. You want to load the cert as the server starts, but only if no other cert was provided.

@davidfowl
Copy link
Member

Disagree. You want to load the cert only if you’re using https.

@Tratcher
Copy link
Member Author

Tratcher commented Apr 1, 2018

Yes, but inside the SNI callback is way too late. Do it when you set up HTTPS. One of these two places seems the most likely:

KestrelHttpServer/src/Kestrel.Core/ListenOptionsHttpsExtensions.cs

Line 214 in a37fa83

listenOptions.ConnectionAdapters.Add(new HttpsConnectionAdapter(httpsOptions, loggerFactory));

KestrelHttpServer/src/Kestrel.Core/Internal/HttpsConnectionAdapter.cs

Line 39 in a37fa83

if (options.ServerCertificate == null)

Tratcher added a commit that referenced this issue Apr 4, 2018
@Tratcher
Delay loading the dev cert #2422
e4c6636
Tratcher added a commit that referenced this issue Apr 4, 2018
@Tratcher
Delay loading the dev cert #2422
37bf7d5
@Tratcher Tratcher mentioned this issue Apr 4, 2018
Merged
Tratcher added a commit that referenced this issue Apr 4, 2018
@Tratcher
Delay loading the dev cert #2422
2ee0d6e
@Tratcher Tratcher closed this as completed Apr 4, 2018
@Tratcher Tratcher added the perf label Apr 4, 2018
@Tratcher Tratcher mentioned this issue Nov 24, 2020
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Tratcher Tratcher

Labels
3 - Done cost: S Will take up to 2 days to complete enhancement perf
Projects
None yet
Milestone
2.1.0-rc1
Development

No branches or pull requests
3 participants
@davidfowl @muratg @Tratcher