Re: [Dovecot] Major CPU spike for SSL parameters?
I applied the patch to master-settings.c and the problem is still there Jan 19 20:01:51 foxmulder dovecot: SSL parameters regeneration completed Jan 19 20:13:02 foxmulder dovecot: SSL parameters regeneration completed Jan 19 20:21:33 foxmulder dovecot: SSL parameters regeneration completed Jan 19 20:33:17 foxmulder dovecot: SSL parameters regeneration completed Jan 19 20:42:03 foxmulder dovecot: SSL parameters regeneration completed Jan 19 20:52:12 foxmulder dovecot: SSL parameters regeneration completed foxmulder:~$ uname -srp FreeBSD 6.0-RELEASE-p3 i386 foxmulder:etc$ grep ssl dovecot.conf ssl_cert_file = /etc/ssl/certs/dovecot.pem ssl_key_file = /etc/ssl/private/dovecot.pem ssl_parameters_regenerate = 48 Timo Sirainen wrote:
On 01/22/2006 07:25:07 AM, Timo Sirainen wrote:
It is so strange - it certainly doesn't happen on all 64 bit machines - it doesn't on my opteron (even without your patch):
[root@athena ~]# grep "SSL parameters" /var/log/m*log* /var/log/maillog.1:Jan 16 19:10:43 athena dovecot: SSL parameters regeneration completed [root@athena ~]# uname -a Linux athena.riede.org 2.6.15-1.1826.2.10_FC5 #1 SMP Wed Jan 11 18:13:37 EST 2006 x86_64 x86_64 x86_64 GNU/Linux [root@athena ~]# egrep "ssl_(cer|key_f|para)" /etc/dovecot.conf ssl_cert_file = /etc/pki/dovecot/dovecot.pem ssl_key_file = /etc/pki/dovecot/private/dovecot.pem #ssl_parameters_regenerate = 168
Regards, Willem Riede.
i upgrade 1.0-beta1 to cvs version, i use openbsd/i386 i tried this 3 settings
ssl_parameters_regenerate = 0 ssl_parameters_regenerate = 68 #ssl_parameters_regenerate = 168 (default)
all setting have this problem too (every 10mins regen SSL)
head -3 ChangeLog
2006-01-22 13:29 Timo Sirainen <tss@iki.fi>
* README: Removed code section and did some updates.
在 2006/1/22 的來信中,"Timo Sirainen" <tss@iki.fi> 提及:
On Sun, 2006-01-22 at 23:26 +0800, John Wong wrote:
Could you try what it writes to logs with this patch: diff -u -r1.21 ssl-init.c --- src/master/ssl-init.c 22 Jan 2006 10:50:54 -0000 1.21 +++ src/master/ssl-init.c 22 Jan 2006 16:16:14 -0000 @@ -98,6 +98,7 @@ are correct */ regen_time = set->ssl_parameters_regenerate == 0 ? ioloop_time : st.st_mtime + (time_t)(set->ssl_parameters_regenerate*3600); + i_info("ssl_parameters_regenerate = %d", set->ssl_parameters_regenerate); if (regen_time < ioloop_time || st.st_size == 0 || st.st_uid != master_uid || st.st_gid != getegid()) { if (foreground) {
this patch work for me, i use openbsd/i386 ------------------------------------------------------------------------------ --- src/master/ssl-init.c.orig Mon Jan 23 10:04:56 2006 +++ src/master/ssl-init.c Mon Jan 23 17:05:17 2006 @@ -99,7 +99,7 @@ regen_time = set->ssl_parameters_regenerate == 0 ? ioloop_time : (st.st_mtime + (time_t)(set->ssl_parameters_regenerate*3600)); if (regen_time < ioloop_time || st.st_size == 0 || - st.st_uid != master_uid || st.st_gid != getegid()) { + st.st_uid != master_uid || st.st_gid != set->server->login_gid) { if (foreground) { i_info("Generating Diffie-Hellman parameters. " "This may take a while.."); ------------------------------------------------------------------------------ 在 2006/1/22 的來信中,"Timo Sirainen" <tss@iki.fi> 提及:
participants (4)
-
John Wong
-
Peter Chiu
-
Timo Sirainen
-
Willem Riede