.NET signed assembly certificate check (startup performance) - Forum - OpenEdge Development - Progress Community


  • Our application is delivered along with a bunch of DevExpress assemblies, which are signed assemblies. We noticed that with some customers it took an incredibly long time to start up our client. We narrowed it down to the check of the certificate (the revocation, to be precise) of the signed assembly. Normally this is not much of a problem, but some customers are behind a proxy server and then it takes a considerable amount of time; basically you're waiting for the time-out. In the settings of Internet Explorer you can turn off this check, but that's an all-or-nothing scenario. So the question is:

    Can I turn off the check for the assembly certificate for just my application (or just prowin32 would be great as well)? I suspect it is done in prowin32.exe.config but for the rest I have no clue.

    PS. For those who are wondering what the Internet Explorer setting is: Internet Options dialog, Advanced tab, Security section, "Check for publisher's certificate revocation".

  • http://knowledgebase.progress.com/articles/Article/P182103

  • Thanks Mike, I couldn't find it on KB. I'm wondering whether this says something about me or the KB. Probably a bit about both.

  • I used Google to search the KB (and I knew what I was looking for because I needed that article a few times already).

  • We reported this issue years ago but I have never seen the knowledge base entry before either.

    About the startup time: I think it is 90 seconds for 6 checks with a 15 second timeout each.

  • It was published with PANS.

    We needed it later too. I remembered this article, but had the same problems finding it again.

    My opinion: It should be disabled as default to avoid these problems.

  • My opinion: It should be disabled as default to avoid these problems.

    I tend to disagree... It's a trade-off between security and performance.

    I think it's wise to have security as the default option.

  • I think it's wise to have security as the default option.

    +1

    It would be even better if you could specify it on a per assembly basis. Assembly.xml seems a candidate, but then accompanied by an extra setting "LoadAssemblyOnDemand" so not all of them are loaded at startup.

  • -1

    Then it should be a visible option during installation and not hidden in an XML file.

    How many customers, me too, are searching for it and having lost days?

    Why isn't there any message that the assembly couldn't be checked and it's running without the check?
    Makes no sense ...

  • Well, I was thinking about the assemblies which are not installed as part of an OpenEdge installation.

    On second thought however, I think you cannot pass information on what to check and what not to check to the CLR, so that makes my previous comment superfluous.

  • Well, I was thinking about the assemblies which are not installed as part of an OpenEdge installation.

    On second thought however, I think you cannot pass information on what to check and what not to check to the CLR, so that makes my previous comment superfluous.

    +1