On 2023-01-20 11:55 -0700, Charles Curley wrote: > On Fri, 20 Jan 2023 19:17:37 +0100 > Sven Joachim <svenj...@gmx.de> wrote: > >> Clearly something fishy is going on here. > > I concur. What I saw with htop was a slew of calls to SSL. Here's > a sample of what it was doing. It is a processor hog. > > root@white:~# ps aux | grep -i openssl > root 4586 5.8 0.9 8256 2064 pts/3 S+ 11:48 0:00 grep > --colour=auto -i openssl > root 4587 150 2.1 8888 4720 ? R 11:48 0:00 /usr/bin/openssl x509 > -subject_hash_old -fingerprint -noout -in QuoVadis_Root_CA_2.pem
Indeed I see many calls to openssl in top, apparently they are children of a single c_rehash process. CPU load is low here, though (2-3 %). > I have no idea what that's about. Maybe someone with SSL experience can > chime in here? My hunch is that postfix recomputes all the hashes in /var/spool/postfix/etc/ssl/certs, rather than copying the files from the host system into the chroot which would be a lot faster. It is probably time for me to revisit my postfix configuration. Cheers, Sven