I ran perf record -F 99 --call-graph=dwarf cargo tree --offline in a moderately sized project, and the report had this line in it:
+ 15.09% 0.00% cargo cargo [.] openssl_init
it seems to me like openssl shouldn't need to be initialized if its not being used for anything, no?
Perhaps it would be better to not use curl, but rather switch over to a native Rust library like reqwest + rusttls?
My understanding is that we are slowly moving to rustls + hyper + gitoxide, but this has to be done carefully to avoid breakage. And for as long as we still allow falling back to curl or libgit2, openssl will remain getting initialized unconditionally unless the issue I linked gets fixed.
When I run a local build of Cargo, "init" is a major factor. When I use the version from rustup, it is negligible. I'm assuming this is coming from behavior differences in the vendored openssl vs system ssl.
For now, I've not worried too much about "init" because of that. If there are shipped situations where it does make a difference, I'd love to hear it.
For me a local build of rustup will try to always parse the toolchain manifest, while the official distribution of rustup will skip parsing the toolchain manifest under normal circumstances. Parsing the toolchain manifest takes the majority of the time of rustup when it happens.
this is me running the rustup version of cargo, on NixOS.
maybe openssl init takes longer on hdd systems? I'm not sure if perf measures wall time or cycles.
In response to @bjorn3's research, I submitted this PR:
rustup should probably start emitting warnings when RUSTUP_USE_CURL is enabled so we won't catch people off guard once curl support is removed. In general, I think we've seen very little feedback on the rustls-by-default changes, which I'm counting as a good thing.
Edit: submitted Simplify download abstractions and start warning about curl usage by djc · Pull Request #4277 · rust-lang/rustup · GitHub.