On 2023-01-20 11:55 -0700, Charles Curley wrote:
> On Fri, 20 Jan 2023 19:17:37 +0100
> Sven Joachim <svenj...@gmx.de> wrote:
>
>> Clearly something fishy is going on here.
>
> I concur. What I saw with htop was a slew of calls to SSL. Here's
> a sample of what it was doing. It is a processor hog.
>
> root@white:~# ps aux | grep -i openssl
> root 4586 5.8 0.9 8256 2064 pts/3 S+ 11:48 0:00 grep
> --colour=auto -i openssl
> root 4587 150 2.1 8888 4720 ? R 11:48 0:00 /usr/bin/openssl x509
> -subject_hash_old -fingerprint -noout -in QuoVadis_Root_CA_2.pem
Indeed I see many calls to openssl in top, apparently they are children
of a single c_rehash process. CPU load is low here, though (2-3 %).
> I have no idea what that's about. Maybe someone with SSL experience can
> chime in here?
My hunch is that postfix recomputes all the hashes in
/var/spool/postfix/etc/ssl/certs, rather than copying the files from the
host system into the chroot which would be a lot faster.
It is probably time for me to revisit my postfix configuration.
Cheers,
Sven
