[cvsnt] CVSNT 2.5.04 build 3236 server really slow
jml at nykredit.dk
jml at nykredit.dk
Fri Nov 14 09:22:29 GMT 2008
I'm beginning to understand what is going on (that's the beauty of
open source :-).
The verification is not a Windows whim as Arthur implies, but an
explicit check made by CVS. It happens in the cvsapi (in
cvsapi\win32\LibraryAccess.cpp). This check is done for each dll that
is loaded from the "triggers" folder (info.dll, audit.dll etc.).
The problem is, that the verification is made for each and every
execution of cvs.exe i.e. each cvs command served by the server. This
check has a performance penalty, that in my case i about 30 seconds
pr. dll in the "triggers" folder. Why it takes so long is not clear to
me yet, but the actual IP-adress used to connect to Verisign seems to
be almost unreachable. If can uninstall all dll's in the "triggers"
folder except info.dll, and that leaves me with a response time of 30
seconds, which of course is unbearable.
I've contacted Verisign to try to clear up why the IP 22.214.171.124 is
so slow, but even if the response time is reduced to, say, one second,
it's still degrades performance, and in my view the verification is
completely unnecessary. It should suffice to verify the dll's during
Jørgen Møller Larsen
"Arthur Barrett" <arthur.barrett at march-hare.com>
<jml at nykredit.dk>, <cvsnt at cvsnt.org>
RE: [cvsnt] CVSNT 2.5.04 build 3236 server really slow
> And what if I
> can't persuade the network people to change the DNS
> servers? Can the
> signature verification be turned off?
No - it's a windows thing. CVSNT doesn't verify the signature -
windows does. It does this in 2.5.04 because the binaries are signed.
Many corporates now have a policy not to run any unsigned executables
- and many (most?) new commercial software is all signed - so you will
be having the same problem with lots of programs - including every
More information about the cvsnt