[QUIC] Eliminate peer X509 certificate parsing on Linux #101602
Labels
area-System.Net.Quic
tenet-performance
Performance related issue
untriaged
New issue has not been triaged by the area owner
Originally, MsQuic linked statically to both
libssl
(forked to add QUIC supporting APIs) andlibcrypto
. Because of that it was dangerous to pass rawX509*
to applications, because the system installedlibcrypto
(where OpenSSL's X.509 code lives) could be different version and have differentX509
object layout. So currently, the certificates are being serialized to DER or PKCS12 format and parsed again by the application, which delays the handshake by about 1 ms.Since recent MsQuic versions are compiled to use system-installed libcrypto, it should be possible to exchange raw
X509*
under these conditions:-UseSystemOpenSSLCrypto
libcrypto
version used by .NET processTo verify these conditions, we need additional API surface in MsQuic (additional global Get-only parameters).
The text was updated successfully, but these errors were encountered: