authorErik Johnston <erik@matrix.org>2021-01-28 17:38:59 +0000
committerGitHub <noreply@github.com>2021-01-28 17:38:59 +0000
commit54a6afeee3b1ae8f353edfdf1375aa73c1819e9e (patch)
tree9c74c5a62a060e136e2ef51a8ede8b4e287361d3 /synapse
parentAdd type hints to E2E handler. (#9232) (diff)
downloadsynapse-54a6afeee3b1ae8f353edfdf1375aa73c1819e9e.tar.xz
Cache config options in SSL verification (#9255)
Reading from the config object is *slow*.
Diffstat (limited to 'synapse')
-rw-r--r--synapse/crypto/context_factory.py13
1 files changed, 9 insertions, 4 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 74b67b230a..14b21796d9 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -125,19 +125,24 @@ class FederationPolicyForHTTPS:
         self._no_verify_ssl_context = _no_verify_ssl.getContext()
         self._no_verify_ssl_context.set_info_callback(_context_info_cb)
 
-    def get_options(self, host: bytes):
+        self._should_verify = self._config.federation_verify_certificates
+
+        self._federation_certificate_verification_whitelist = (
+            self._config.federation_certificate_verification_whitelist
+        )
 
+    def get_options(self, host: bytes):
         # IPolicyForHTTPS.get_options takes bytes, but we want to compare
         # against the str whitelist. The hostnames in the whitelist are already
         # IDNA-encoded like the hosts will be here.
         ascii_host = host.decode("ascii")
 
         # Check if certificate verification has been enabled
-        should_verify = self._config.federation_verify_certificates
+        should_verify = self._should_verify
 
         # Check if we've disabled certificate verification for this host
-        if should_verify:
-            for regex in self._config.federation_certificate_verification_whitelist:
+        if self._should_verify:
+            for regex in self._federation_certificate_verification_whitelist:
                 if regex.match(ascii_host):
                     should_verify = False
                     break
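Review bot: The two attributes added at the end of `__init__` freeze the certificate-verification policy at construction time, and nothing in the hunk says so; because these values decide whether a federation peer's TLS certificate is checked, a comment above `self._should_verify` such as `# Snapshot of the TLS verification settings, read once because config attribute access is slow; later config changes are not seen here.` would make that explicit. Whether the config object can change after this factory is built is not visible in the hunk, so that is worth confirming before relying on the snapshot. In `get_options` the local `should_verify` is assigned from the attribute but the guard then reads `self._should_verify` again; `if should_verify:` would keep the method on one name. Both `__init__` and `get_options` extend beyond the hunk.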