diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-02-19 10:19:16 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-19 10:19:16 +0000 |
commit | 7c70b8f8a64272d12e8e95b9b20f563950801a08 (patch) | |
tree | cad558b6e75eeccf4650cba2278a908e2cdce77e /synapse/crypto | |
parent | Merge pull request #4642 from matrix-org/anoa/bans_room_upgrade (diff) | |
parent | misc->feature (diff) | |
download | synapse-7c70b8f8a64272d12e8e95b9b20f563950801a08.tar.xz |
Try and make TLS federation client code faster (#4674)
* fix to use makeContext so that we don't need to rebuild the certificateoptions each time
Diffstat (limited to 'synapse/crypto')
-rw-r--r-- | synapse/crypto/context_factory.py | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index 85f2848fb1..49cbc7098f 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -1,4 +1,5 @@ # Copyright 2014-2016 OpenMarket Ltd +# Copyright 2019 New Vector Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + import logging from zope.interface import implementer @@ -105,9 +107,7 @@ class ClientTLSOptions(object): self._hostnameBytes = _idnaBytes(hostname) self._sendSNI = True - ctx.set_info_callback( - _tolerateErrors(self._identityVerifyingInfoCallback) - ) + ctx.set_info_callback(_tolerateErrors(self._identityVerifyingInfoCallback)) def clientConnectionForTLS(self, tlsProtocol): context = self._ctx @@ -128,10 +128,8 @@ class ClientTLSOptionsFactory(object): def __init__(self, config): # We don't use config options yet - pass + self._options = CertificateOptions(verify=False) def get_options(self, host): - return ClientTLSOptions( - host, - CertificateOptions(verify=False).getContext() - ) + # Use _makeContext so that we get a fresh OpenSSL CTX each time. + return ClientTLSOptions(host, self._options._makeContext()) |