[Dovecot] Major CPU spike for SSL parameters?

John Wong johnw at wonghome.net
Mon Jan 23 11:43:35 EET 2006 

this patch work for me, i use openbsd/i386
------------------------------------------------------------------------------
--- src/master/ssl-init.c.orig  Mon Jan 23 10:04:56 2006
+++ src/master/ssl-init.c       Mon Jan 23 17:05:17 2006
@@ -99,7 +99,7 @@
        regen_time = set->ssl_parameters_regenerate == 0 ? ioloop_time :
                (st.st_mtime +
(time_t)(set->ssl_parameters_regenerate*3600));
        if (regen_time < ioloop_time || st.st_size == 0 ||
-           st.st_uid != master_uid || st.st_gid != getegid()) {
+           st.st_uid != master_uid || st.st_gid !=
set->server->login_gid) {
                if (foreground) {
                        i_info("Generating Diffie-Hellman parameters. "
                               "This may take a while..");
------------------------------------------------------------------------------

¦b 2006/1/22 ªº¨Ó«H¤¤¡A"Timo Sirainen" <tss at iki.fi> ´£¤Î¡G

>On Sun, 2006-01-22 at 23:26 +0800, John Wong wrote:
>> i upgrade 1.0-beta1 to cvs version, i use openbsd/i386
>> i tried this 3 settings
>> -----------------------------------------------------------------
>> ssl_parameters_regenerate = 0
>> ssl_parameters_regenerate = 68
>> #ssl_parameters_regenerate = 168   (default)
>> -----------------------------------------------------------------
>> all setting have this problem too (every 10mins regen SSL)
>
>Could you try what it writes to logs with this patch:
>
>diff -u -r1.21 ssl-init.c
>--- src/master/ssl-init.c	22 Jan 2006 10:50:54 -0000	1.21
>+++ src/master/ssl-init.c	22 Jan 2006 16:16:14 -0000
>@@ -98,6 +98,7 @@
> 	   are correct */
> 	regen_time = set->ssl_parameters_regenerate == 0 ? ioloop_time :
> 		st.st_mtime + (time_t)(set->ssl_parameters_regenerate*3600);
>+	i_info("ssl_parameters_regenerate = %d", set->ssl_parameters_regenerate);
> 	if (regen_time < ioloop_time || st.st_size == 0 ||
> 	    st.st_uid != master_uid || st.st_gid != getegid()) {
> 		if (foreground) {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-src_master_ssl-init_c
Type: application/octet-stream
Size: 554 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20060123/d2eef28f/patch-src_master_ssl-init_c.obj

More information about the dovecot mailing list