src: modify SecureContext::SetCACert to not use root_certs

Author: ShenHongFei

src/crypto/crypto_context.cc

@@ -785,9 +785,11 @@ void SecureContext::SetCACert(const BIOPointer& bio) {
   if (!bio) return;
   while (X509Pointer x509 = X509Pointer(PEM_read_bio_X509_AUX(
              bio.get(), nullptr, NoPasswordCallback, nullptr))) {
-    CHECK_EQ(1,
-             X509_STORE_add_cert(GetCertStoreOwnedByThisSecureContext(),
-                                 x509.get()));
+    // Get the existing cert store from the SSL context
+    // instead of GetCertStoreOwnedByThisSecureContext()
+    // to avoid creating X509_STORE based on root_certs, which is very slow
+    CHECK_EQ(
+        1, X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx_.get()), x509.get()));
     CHECK_EQ(1, SSL_CTX_add_client_CA(ctx_.get(), x509.get()));
   }
 }