forked from MirrorHub/synapse
Cache config options in SSL verification (#9255)
Reading from the config object is *slow*.
parent
a78016dadf
commit
54a6afeee3
2 changed files with 10 additions and 4 deletions
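--- a/changelog.d/9255.misc
+++ b/changelog.d/9255.misc
@@ -0,0 +1 @@
+Minor performance improvement during TLS handshake.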
@ -125,19 +125,24 @@ class FederationPolicyForHTTPS:
|
|||
self._no_verify_ssl_context = _no_verify_ssl.getContext()
|
||||
self._no_verify_ssl_context.set_info_callback(_context_info_cb)
|
||||
|
||||
def get_options(self, host: bytes):
|
||||
self._should_verify = self._config.federation_verify_certificates
|
||||
|
||||
self._federation_certificate_verification_whitelist = (
|
||||
self._config.federation_certificate_verification_whitelist
|
||||
)
|
||||
|
||||
def get_options(self, host: bytes):
|
||||
# IPolicyForHTTPS.get_options takes bytes, but we want to compare
|
||||
# against the str whitelist. The hostnames in the whitelist are already
|
||||
# IDNA-encoded like the hosts will be here.
|
||||
ascii_host = host.decode("ascii")
|
||||
|
||||
# Check if certificate verification has been enabled
|
||||
should_verify = self._config.federation_verify_certificates
|
||||
should_verify = self._should_verify
|
||||
|
||||
# Check if we've disabled certificate verification for this host
|
||||
if should_verify:
|
||||
for regex in self._config.federation_certificate_verification_whitelist:
|
||||
if self._should_verify:
|
||||
for regex in self._federation_certificate_verification_whitelist:
|
||||
if regex.match(ascii_host):
|
||||
should_verify = False
|
||||
break
|
||||
|
|
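Review bot: The values cached at the end of the constructor (`self._should_verify` and `self._federation_certificate_verification_whitelist`) are a snapshot. If the config can be changed or reloaded while this policy object lives (not visible from this hunk), a tightened `federation_verify_certificates` or a shortened whitelist would not reach `get_options`, and hosts would keep skipping certificate verification. I would state that contract next to the assignments, e.g. `# Cached once: reading the config object is slow. Changes to these settings only take effect when a new policy object is created.` The whitelist attribute also holds a reference to the config's own sequence rather than a copy, so in-place edits would still show through while a reassignment would not; wrapping it in `tuple(...)` would make the snapshot unambiguous, assuming the config value is a plain iterable of compiled patterns. In `get_options` the guard could read `if should_verify:` as before, since the local was just set from the same attribute; both the constructor and `get_options` extend beyond the hunk.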