Severe performance regression after 2.2.0 (debian bullseye -> bookworm)

[tik-stbuehler]

Describe the bug

Seeing high CPU usage and load on icinga2 master after upgrade to bookworm:

• 100% vs 20% CPU usage on two (virtual) cores
• Load about 130 vs less than 3 before
• Lots of check_ssl_cert checks time out

Bookworm should have version 2.60.0 of check_ssl_cert, but same issue with 2.70.

Using the old 2.2.0 script (with a small patch for the new "-m|--match" option) fixes the issue.

To Reproduce

• icinga master on two cores of AMD EPYC 7313P
• 4GB memory (2GB swap) - not an issue, swap is completely free, almost 3GB "avail Mem" in top.
• about 300 SSL checks: mostly Active Directory Domain Controllers: IPv4+IPv6 (if present), LDAP + LDAPS, normal port + global catalog - quite a few variations for each host.

Expected behavior

Less CPU usage, no timeouts, ...

System (please complete the following information):

• OS: Debian
• OS version: bookworm (12)
• check_ssl_cert version: 2.60.0 and 2.70.0
• OpenSSL version (openssl version): OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)

Additional context/output

Invocations look like this:

/usr/lib/nagios/plugins/check_ssl_cert --no-ssl3 --no-tls1 --no-tls1_1 -H $IPADDRESS -P ldap -c 14 -m $SERVERNAME -p 3268 -r /etc/ssl/trusted-cas.crt -w 30

Manual calls usually work, but are slower than before.