Cache config options in SSL verification (#9255)

Reading from the config object is *slow*.
Erik Johnston 2021-01-28 17:38:59 +00:00 committed by GitHub
parent a78016dadf
commit 54a6afeee3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 4 deletions

1
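--- /dev/null
+++ b/changelog.d/9255.misc
@@ -0,0 +1 @@
+Minor performance improvement during TLS handshake.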


@ -125,19 +125,24 @@ class FederationPolicyForHTTPS:
self._no_verify_ssl_context = _no_verify_ssl.getContext() self._no_verify_ssl_context = _no_verify_ssl.getContext()
self._no_verify_ssl_context.set_info_callback(_context_info_cb) self._no_verify_ssl_context.set_info_callback(_context_info_cb)
def get_options(self, host: bytes): self._should_verify = self._config.federation_verify_certificates
self._federation_certificate_verification_whitelist = (
self._config.federation_certificate_verification_whitelist
)
def get_options(self, host: bytes):
# IPolicyForHTTPS.get_options takes bytes, but we want to compare # IPolicyForHTTPS.get_options takes bytes, but we want to compare
# against the str whitelist. The hostnames in the whitelist are already # against the str whitelist. The hostnames in the whitelist are already
# IDNA-encoded like the hosts will be here. # IDNA-encoded like the hosts will be here.
ascii_host = host.decode("ascii") ascii_host = host.decode("ascii")
# Check if certificate verification has been enabled # Check if certificate verification has been enabled
should_verify = self._config.federation_verify_certificates should_verify = self._should_verify
# Check if we've disabled certificate verification for this host # Check if we've disabled certificate verification for this host
if should_verify: if self._should_verify:
for regex in self._config.federation_certificate_verification_whitelist: for regex in self._federation_certificate_verification_whitelist:
if regex.match(ascii_host): if regex.match(ascii_host):
should_verify = False should_verify = False
break break
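Review bot: The two values now cached in `__init__` (`self._should_verify` and `self._federation_certificate_verification_whitelist`) are a snapshot of the config taken when the policy object is built, and nothing in the new code says so. Both decide whether a federation peer's certificate is checked, so if the config can change after construction (not visible here), a host removed from the whitelist would keep skipping verification until the object is recreated. I would add a comment above the assignments, e.g. `# Cached once: config reads are slow. Later changes to these settings are not picked up by this instance.` In `get_options`, `if self._should_verify:` could read `if should_verify:` so the guard uses the local assigned on the line before, which the loop then mutates. Both `__init__` and `get_options` extend beyond the hunk.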