ssl: reuse *tls.Config if connection settings are identical

[kevinburke1]

Previously, we would reload and re-parse a certificate from disk every
single time we initialized a connection and the sslrootcert setting
was enabled. This results in a lot of allocations that can be avoided.

Instead, save the *tls.Config for a given configuration hash, and
reuse it when we see it again.

Fixes #1032.

[Lekensteyn]

Looks reasonable, however there is a potential issue with certain parameter values that would result in two instances being stored (one with the original value, one with the deleted values). See also #1031

[Lekensteyn]

The hash can change due to delete(o, "sslrootcert") and delete(o, "sslinline") below.

Edit: Actually, delete(o, "sslinline") got removed in #1035.

[jmunson]

Unless I'm missing something, this looks like it would result in a stale certificate staying in memory until your program is restarted. I don't know if it would be appropriate to register a SIGHUP handler in a library to drop the cache, but that would be preferable to needing to restart the service.

Or maybe we could still stat() the file on connect time and re-parse if mtime is newer than what we have cached?

[arp242]

this looks like it would result in a stale certificate staying in memory until your program is restarted

Yes, it changes the behaviour.

In general I'm not convinced it's worth the effort to optimise this. It saves "a lot of allocations that can be avoided", but how many? Are we talking about 100ns per connection or 50ms? This needs some concrete benchmarks.

Since this is a few years old and the author has not been active on GitHub for several years, I'll just go ahead and close it. But feel free to come back and we can re-open.