SSL initialization takes >5 sec in Debug build with Qt 6.6.0
-
The first time our app submits an HTTPS web request, Qt automatically initializes the SSL infrastructure, which includes loading all CA Certs on the machine. In a Windows Debug build using Qt 5.15, this took about 10 ms. With Qt 6.6.0, this initialization step takes around 5100 ms, or 5.1 sec. This happens within the main Qt event loop, so the app noticeably hangs while we wait for this to happen. Luckily, the delay is much shorter in a Release build, but this Debug build delay is very annoying and disruptive for coders working on the app.
In both Qt 5 and Qt 6, the initialization starts off in QSslSocketPrivate::ensureInitialized(), but from here the implementations start to diverge. In Qt 5, it ends up calling QSslSocketPrivate::systemCaCertificates(), while Qt 6 ends up in QSchannelBackend::systemCaCertificatesImplementation(). Superficially, these two functions look similar - both have a loop that queries the certificate store and instantiates each certificate in turn (I have 72 on my machine). With Qt 5, instantiating each certificate takes barely any time at all, but with Qt 6, it takes around 70 ms to instantiate each certificate - thus around 5 sec in total.
The difference appears to be that Qt 5 uses openssl functions to query just a handful of certificate properties, and this is very fast. Qt 6, on the other hand, parses the entire certificate structure in X509CertificateGeneric::parse(), and this takes a long time. In particular, the two calls to elem.toDateTime() seem to be slow, taking 30-40ms each.
Has anyone else encountered this difference? Can anyone suggest a workaround or a way to reduce the impact of this slowdown? Thanks in advance for any assistance.
