diff options
author | Erik Johnston <erik@matrix.org> | 2021-01-28 17:38:59 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-28 17:38:59 +0000 |
commit | 54a6afeee3b1ae8f353edfdf1375aa73c1819e9e (patch) | |
tree | 9c74c5a62a060e136e2ef51a8ede8b4e287361d3 | |
parent | Add type hints to E2E handler. (#9232) (diff) | |
download | synapse-54a6afeee3b1ae8f353edfdf1375aa73c1819e9e.tar.xz |
Cache config options in SSL verification (#9255)
Reading from the config object is *slow*.
Diffstat (limited to '')
-rw-r--r-- | changelog.d/9255.misc | 1 | ||||
-rw-r--r-- | synapse/crypto/context_factory.py | 13 |
2 files changed, 10 insertions, 4 deletions
diff --git a/changelog.d/9255.misc b/changelog.d/9255.misc new file mode 100644 index 0000000000..f723b8ec4f --- /dev/null +++ b/changelog.d/9255.misc @@ -0,0 +1 @@ +Minor performance improvement during TLS handshake. diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index 74b67b230a..14b21796d9 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -125,19 +125,24 @@ class FederationPolicyForHTTPS: self._no_verify_ssl_context = _no_verify_ssl.getContext() self._no_verify_ssl_context.set_info_callback(_context_info_cb) - def get_options(self, host: bytes): + self._should_verify = self._config.federation_verify_certificates + + self._federation_certificate_verification_whitelist = ( + self._config.federation_certificate_verification_whitelist + ) + def get_options(self, host: bytes): # IPolicyForHTTPS.get_options takes bytes, but we want to compare # against the str whitelist. The hostnames in the whitelist are already # IDNA-encoded like the hosts will be here. ascii_host = host.decode("ascii") # Check if certificate verification has been enabled - should_verify = self._config.federation_verify_certificates + should_verify = self._should_verify # Check if we've disabled certificate verification for this host - if should_verify: - for regex in self._config.federation_certificate_verification_whitelist: + if self._should_verify: + for regex in self._federation_certificate_verification_whitelist: if regex.match(ascii_host): should_verify = False break |