Cache config options in SSL verification (#9255)
Reading from the config object is *slow*.
parent
a78016dadf
commit
54a6afeee3
2 changed files with 10 additions and 4 deletions
1
changelog.d/9255.misc
Normal file
1
changelog.d/9255.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Minor performance improvement during TLS handshake.
|
|
@ -125,19 +125,24 @@ class FederationPolicyForHTTPS:
|
||||||
self._no_verify_ssl_context = _no_verify_ssl.getContext()
|
self._no_verify_ssl_context = _no_verify_ssl.getContext()
|
||||||
self._no_verify_ssl_context.set_info_callback(_context_info_cb)
|
self._no_verify_ssl_context.set_info_callback(_context_info_cb)
|
||||||
|
|
||||||
def get_options(self, host: bytes):
|
self._should_verify = self._config.federation_verify_certificates
|
||||||
|
|
||||||
|
self._federation_certificate_verification_whitelist = (
|
||||||
|
self._config.federation_certificate_verification_whitelist
|
||||||
|
)
|
||||||
|
|
||||||
|
def get_options(self, host: bytes):
|
||||||
# IPolicyForHTTPS.get_options takes bytes, but we want to compare
|
# IPolicyForHTTPS.get_options takes bytes, but we want to compare
|
||||||
# against the str whitelist. The hostnames in the whitelist are already
|
# against the str whitelist. The hostnames in the whitelist are already
|
||||||
# IDNA-encoded like the hosts will be here.
|
# IDNA-encoded like the hosts will be here.
|
||||||
ascii_host = host.decode("ascii")
|
ascii_host = host.decode("ascii")
|
||||||
|
|
||||||
# Check if certificate verification has been enabled
|
# Check if certificate verification has been enabled
|
||||||
should_verify = self._config.federation_verify_certificates
|
should_verify = self._should_verify
|
||||||
|
|
||||||
# Check if we've disabled certificate verification for this host
|
# Check if we've disabled certificate verification for this host
|
||||||
if should_verify:
|
if self._should_verify:
|
||||||
for regex in self._config.federation_certificate_verification_whitelist:
|
for regex in self._federation_certificate_verification_whitelist:
|
||||||
if regex.match(ascii_host):
|
if regex.match(ascii_host):
|
||||||
should_verify = False
|
should_verify = False
|
||||||
break
|
break
|
||||||
|
|
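Review bot: The two attributes assigned just above `get_options` snapshot `federation_verify_certificates` and the verification whitelist once, so this policy object decides per-host certificate verification from those values for its whole lifetime, and nothing in the hunk says so. If the config can change while the process runs (not visible here), re-enabling verification or replacing the whitelist would have no effect until the policy is rebuilt. I would add a comment above the assignments such as `# Cached at construction because config reads are slow; a changed verification setting needs a new policy object.` Separately, `self._should_verify` (the global default) and the local `should_verify` (the per-host result) differ only by `self.`, which is easy to misread in a security decision; a name like `self._verify_by_default` would keep them apart. The constructor begins above the hunk.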