authorRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-02-19 10:19:16 +0000
committerGitHub <noreply@github.com>2019-02-19 10:19:16 +0000
commit7c70b8f8a64272d12e8e95b9b20f563950801a08 (patch)
treecad558b6e75eeccf4650cba2278a908e2cdce77e
parentMerge pull request #4642 from matrix-org/anoa/bans_room_upgrade (diff)
parentmisc->feature (diff)
downloadsynapse-7c70b8f8a64272d12e8e95b9b20f563950801a08.tar.xz
Try and make TLS federation client code faster (#4674)
* fix to use makeContext so that we don't need to rebuild the certificateoptions each time
-rw-r--r--changelog.d/4674.feature1
-rw-r--r--synapse/crypto/context_factory.py14
2 files changed, 7 insertions, 8 deletions
diff --git a/changelog.d/4674.feature b/changelog.d/4674.feature
new file mode 100644
index 0000000000..84630bb201
--- /dev/null
+++ b/changelog.d/4674.feature
@@ -0,0 +1 @@
+Reduce the overhead of creating outbound federation connections over TLS by caching the TLS client options.
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 85f2848fb1..49cbc7098f 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -1,4 +1,5 @@
 # Copyright 2014-2016 OpenMarket Ltd
+# Copyright 2019 New Vector Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 import logging
 
 from zope.interface import implementer
@@ -105,9 +107,7 @@ class ClientTLSOptions(object):
             self._hostnameBytes = _idnaBytes(hostname)
             self._sendSNI = True
 
-        ctx.set_info_callback(
-            _tolerateErrors(self._identityVerifyingInfoCallback)
-        )
+        ctx.set_info_callback(_tolerateErrors(self._identityVerifyingInfoCallback))
 
     def clientConnectionForTLS(self, tlsProtocol):
         context = self._ctx
@@ -128,10 +128,8 @@ class ClientTLSOptionsFactory(object):
 
     def __init__(self, config):
         # We don't use config options yet
-        pass
+        self._options = CertificateOptions(verify=False)
 
     def get_options(self, host):
-        return ClientTLSOptions(
-            host,
-            CertificateOptions(verify=False).getContext()
-        )
+        # Use _makeContext so that we get a fresh OpenSSL CTX each time.
+        return ClientTLSOptions(host, self._options._makeContext())
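Review bot: The comment above `self._options._makeContext()` in `get_options` says a fresh CTX is wanted but not why, and the call now depends on a private Twisted method that may change between releases. `ClientTLSOptions` appears to install a per-host info callback on the context it is handed (the `ctx.set_info_callback(...)` line in the previous hunk), so a context shared through the caching `getContext()` would carry only the most recently created host's callback; I would spell that out, e.g. `# ClientTLSOptions sets a per-host info callback on the CTX, so it must not be shared: getContext() caches, _makeContext() (private Twisted API) does not.` Separately, `CertificateOptions(verify=False)` is now built once for the lifetime of the factory while `config` stays unused, so OpenSSL does not validate the peer certificate chain on these outbound connections; a comment in `__init__` stating what authenticates the remote server instead would help the next reader. The body of `ClientTLSOptionsFactory` starts outside this hunk.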