golang.org/x/crypto/x509roots/fallback: high, unskippable, init cost

[twp...@gmail.com]

tl;dr importing golang.org/x/crypto/x509roots/fallback adds ~8ms to the startup time of every program or library that imports it. I would like this cost to be zero and would be happy to contribute a fix.

Running the following program:

    package main
    import _ "golang.org/x/crypto/x509roots/fallback"
    func main() {}

with the command:

    $ go build -o tmp main.go

    $ GODEBUG=inittrace=1 ./tmp |& awk '{print $5, $6, $2}' | sort -n | tail -n 3
    0.043 ms internal/godebug
    0.052 ms runtime
    8.8 ms golang.org/x/crypto/x509roots/fallback

shows that golang.org/x/crypto/x509roots/fallback adds an 9ms start-up cost on a fast CPU (AMD Ryzen 8700G). This cost is paid whether or not the fallback X.509 certificates are used or not.

From looking at the code, it seems that the CPU is cost is due to parsing about 150 certificates in .PEM format in the package's unskippable init function.

The obvious, easy, backwards-compatible fix would be to parse the .PEM files while executing the template that generates bundle.go, instead of parsing them every time at startup.

Would you accept a CL to fix this?

Tom

[twp...@gmail.com]

Gentle ping on this.

If this is not wanted, then say. Otherwise, I will create an issue on https://github.com/golang/go to reach out to the relevant folk directly.

Regards,

Tom

[Jason E. Aten]

Hi Tom, maybe you meant to send to golang-dev?  I would just file the issue and your fix with it in any case. It sounds like a nice contribution.

Warm regards,

Jason