Обсуждение: Is there any performance penalty using --with-ssl?
Hi! I am preparing the update of the FreeBSD port of PostgreSQL with the upcoming 7.2, and I'm just wondering: is there any performance penalty intoduced by including --with-ssl in the default configure args? Of course, if SSL is actually *used*, I know what'll happen ;-) Just wondering whether there is any reason not to include it by default if it exists on the system; will it decrease performance for those who don't use it? Regards, Palle
Palle Girgensohn <girgen@partitur.se> writes:
> I am preparing the update of the FreeBSD port of PostgreSQL with the
> upcoming 7.2, and I'm just wondering: is there any performance penalty
> intoduced by including --with-ssl in the default configure args?
Failure to build/run if SSL libraries are not available?
AFAIK there is no run-time penalty, especially not if the server is
started without the enable-ssl switch. But there had better be an
SSL library to link with.
regards, tom lane
> I am preparing the update of the FreeBSD port of PostgreSQL with the > upcoming 7.2, and I'm just wondering: is there any performance penalty > intoduced by including --with-ssl in the default configure args? No, the only reason that the switch exists is that some hosts may not have OpenSSL installed (including related legal reasons). -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net
--On Thursday, January 03, 2002 23:03:11 -0500 Tom Lane <tgl@sss.pgh.pa.us> wrote: > Palle Girgensohn <girgen@partitur.se> writes: >> I am preparing the update of the FreeBSD port of PostgreSQL with the >> upcoming 7.2, and I'm just wondering: is there any performance penalty >> intoduced by including --with-ssl in the default configure args? > > Failure to build/run if SSL libraries are not available? The main problem, of course, but this is can be handled in the port. > AFAIK there is no run-time penalty, especially not if the server is > started without the enable-ssl switch. But there had better be an > SSL library to link with. True. Thanks for the input. Cheers, Palle
> Failure to build/run if SSL libraries are not available? > > AFAIK there is no run-time penalty, especially not if the server is > started without the enable-ssl switch. But there had better be an > SSL library to link with. Palle - the current Postgres Port uses the 'dialog' command to present a menu of what people can optionally compile in. Why not just leave it in that menu? Chris
> AFAIK there is no run-time penalty, especially not if the server is > started without the enable-ssl switch. But there had better be an > SSL library to link with. Well, FreeBSD has come with OpenSSL in the base system by default for a long time now. What about the memory size overhead it adds to every postgres process? Chris
On Thu, 3 Jan 2002, Tom Lane wrote: > Palle Girgensohn <girgen@partitur.se> writes: > > I am preparing the update of the FreeBSD port of PostgreSQL with the > > upcoming 7.2, and I'm just wondering: is there any performance penalty > > intoduced by including --with-ssl in the default configure args? > > Failure to build/run if SSL libraries are not available? > > AFAIK there is no run-time penalty, especially not if the server is > started without the enable-ssl switch. But there had better be an > SSL library to link with. SSL libraries are default with a FreeBSD install, as its required by SSH ...
"Christopher Kings-Lynne" <chriskl@familyhealth.com.au> writes:
> What about the memory size overhead it adds to every postgres process?
AFAIK, on all modern OSes there's no significant performance penalty
for code that's nominally part of your address space but is never
actually swapped in/executed.
regards, tom lane
--On Friday, January 04, 2002 12:32:26 +0800 Christopher Kings-Lynne <chriskl@familyhealth.com.au> wrote: >> Failure to build/run if SSL libraries are not available? >> >> AFAIK there is no run-time penalty, especially not if the server is >> started without the enable-ssl switch. But there had better be an >> SSL library to link with. > > Palle - the current Postgres Port uses the 'dialog' command to present a > menu of what people can optionally compile in. Why not just leave it in > that menu? Reason is, I am invesigating the possibility of totally removing the dialog and split all interfaces into separate ports. There are pros and cons to this idea, but IMO the pros win. /Palle
--On Friday, January 04, 2002 00:50:08 -0500 "Marc G. Fournier" <scrappy@hub.org> wrote: > On Thu, 3 Jan 2002, Tom Lane wrote: > >> Palle Girgensohn <girgen@partitur.se> writes: >> > I am preparing the update of the FreeBSD port of PostgreSQL with the >> > upcoming 7.2, and I'm just wondering: is there any performance penalty >> > intoduced by including --with-ssl in the default configure args? >> >> Failure to build/run if SSL libraries are not available? >> >> AFAIK there is no run-time penalty, especially not if the server is >> started without the enable-ssl switch. But there had better be an >> SSL library to link with. > > SSL libraries are default with a FreeBSD install, as its required by SSH True. I was thinking of the obscure cases where #NO_OPENSSL= true # do not build OpenSSL (implies NO_OPENSSH) is uncommented in make.conf... The port can handle that, no problem, but a package would fail at runtime. Those freebsd'ers can probably live with this, I guess? /Palle