dongyan7988 2018-09-29 16:05

Bulk scanning of SSL certificates hangs in Golang

I'm writing a microservice for validating SSL certificates for URLs, basically combining together these two things:

So, practically I'm launching the small service, which accepts a list of URLs and validates SSL certificates for them. The problem is, after some requests the SSL checker starts freezing for quite a long time, and I don't know why (each payload in this log is the same set of 5000 URLs every time):

DEBUG: 2018/09/29 14:33:58 dispatcher.go:34: DNS timeout set to 10 seconds
DEBUG: 2018/09/29 14:33:58 dispatcher.go:35: SSL timeout set to 10 seconds
DEBUG: 2018/09/29 14:33:58 dispatcher.go:36: HTTP timeout set to 10 seconds
DEBUG: 2018/09/29 14:33:58 dispatcher.go:37: Starting 10000 workers...
DEBUG: 2018/09/29 14:33:58 api.go:113: Starting API at :8888...
DEBUG: 2018/09/29 14:34:04 api.go:50: Received request, starting task '0af84d1e-52b3-41bc-935c-a5a22a007a2c'...
DEBUG: 2018/09/29 14:34:08 api.go:50: Received request, starting task 'e2379281-f98d-4185-8776-46c032bf6bf9'...
DEBUG: 2018/09/29 14:34:11 api.go:50: Received request, starting task 'faeb6b1d-8567-427f-81b7-63cdc2154314'...
DEBUG: 2018/09/29 14:34:15 api.go:50: Received request, starting task '702ca7b2-4b23-434c-9921-e72532766b16'...
DEBUG: 2018/09/29 14:34:15 dispatcher.go:59: Finished processing URLs for task '0af84d1e-52b3-41bc-935c-a5a22a007a2c' (took 11 seconds)!
DEBUG: 2018/09/29 14:34:20 dispatcher.go:59: Finished processing URLs for task 'e2379281-f98d-4185-8776-46c032bf6bf9' (took 12 seconds)!
DEBUG: 2018/09/29 14:34:22 api.go:50: Received request, starting task 'aa2a6bd6-f207-41a4-9dd4-a48ad72b85de'...
DEBUG: 2018/09/29 14:34:29 dispatcher.go:59: Finished processing URLs for task '702ca7b2-4b23-434c-9921-e72532766b16' (took 14 seconds)!
DEBUG: 2018/09/29 14:34:33 dispatcher.go:59: Finished processing URLs for task 'aa2a6bd6-f207-41a4-9dd4-a48ad72b85de' (took 11 seconds)!
DEBUG: 2018/09/29 14:34:55 api.go:50: Received request, starting task 'ea8c7c69-c533-4c9e-a4e4-439b41df2f52'...
DEBUG: 2018/09/29 14:34:59 api.go:50: Received request, starting task '6f2a2374-6911-4ff4-bbe2-b3aa378a2938'...
DEBUG: 2018/09/29 14:35:01 api.go:50: Received request, starting task '73cae838-9971-403f-bdfd-6e4790624fe8'...
DEBUG: 2018/09/29 14:35:04 api.go:50: Received request, starting task 'ee04997d-efd2-47df-9359-b46c90859224'...
DEBUG: 2018/09/29 14:35:06 dispatcher.go:59: Finished processing URLs for task 'ea8c7c69-c533-4c9e-a4e4-439b41df2f52' (took 11 seconds)!
DEBUG: 2018/09/29 14:35:07 api.go:50: Received request, starting task '5918b20d-ab52-484a-888e-2651344e8c5e'...
DEBUG: 2018/09/29 14:35:09 dispatcher.go:59: Finished processing URLs for task '6f2a2374-6911-4ff4-bbe2-b3aa378a2938' (took 10 seconds)!
DEBUG: 2018/09/29 14:35:19 dispatcher.go:59: Finished processing URLs for task 'ee04997d-efd2-47df-9359-b46c90859224' (took 15 seconds)!
DEBUG: 2018/09/29 14:35:20 dispatcher.go:59: Finished processing URLs for task '5918b20d-ab52-484a-888e-2651344e8c5e' (took 13 seconds)!
DEBUG: 2018/09/29 14:50:06 dispatcher.go:59: Finished processing URLs for task 'faeb6b1d-8567-427f-81b7-63cdc2154314' (took 955 seconds)!
DEBUG: 2018/09/29 14:50:57 dispatcher.go:59: Finished processing URLs for task '73cae838-9971-403f-bdfd-6e4790624fe8' (took 956 seconds)!

I have a timeout set to time.Second * 10 which I'm passing to net.DialTimeout(), but it doesn't save the day. That means, instead of this line: https://github.com/alanorth/check-tls-certs/blob/master/main.go#L232 I have something like this:

// TCP connect; the 10-second timeout is passed to net.DialTimeout().
ipConn, err := net.DialTimeout("tcp", result.Domain+":443", time.Second*10)
if err != nil {
    result.Errors["ssl"] = append(result.Errors["ssl"], err.Error())
    if s.FailIfInvalid {
        result.Success = false
    }
    return
}

tc := &tls.Config{ServerName: result.Domain}
if s.CheckInsecure {
    tc.InsecureSkipVerify = true
}

// Wrap the TCP connection in a TLS client; closing conn also closes ipConn,
// so the deferred Close covers the early return below as well.
conn := tls.Client(ipConn, tc)
defer conn.Close()

err = conn.Handshake()
if err != nil {
    switch e := err.(type) {
    case x509.CertificateInvalidError:
        result.Errors["ssl"] = append(result.Errors["ssl"], e.Error())
        if s.FailIfInvalid {
            result.Success = false
        }
        return
    }
}

Also, strace on the running thread says it hangs on the epoll_pwait() syscall, and pprof gives me nothing, because the application itself is peacefully waiting in userspace during this time.

What should I do next to properly fix the issue? It doesn't seem to have anything to do with opened file descriptors or anything (the numbers are reasonable), also memory/CPU consumption is pretty low. Would really appreciate any help. Thanks!
