From 561eebe170d02047e92141fa04b70313beb2ac0b Mon Sep 17 00:00:00 2001
From: Amber Brown
Date: Tue, 19 Feb 2019 16:18:05 +1100
Subject: fix to use makeContext so that we don't need to rebuild the certificateoptions each time
---
 synapse/crypto/context_factory.py | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 85f2848fb1..49cbc7098f 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -1,4 +1,5 @@
 # Copyright 2014-2016 OpenMarket Ltd
+# Copyright 2019 New Vector Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 import logging
 from zope.interface import implementer
@@ -105,9 +107,7 @@ class ClientTLSOptions(object):
 self._hostnameBytes = _idnaBytes(hostname)
 self._sendSNI = True
- ctx.set_info_callback(
- _tolerateErrors(self._identityVerifyingInfoCallback)
- )
+ ctx.set_info_callback(_tolerateErrors(self._identityVerifyingInfoCallback))
 def clientConnectionForTLS(self, tlsProtocol):
 context = self._ctx
@@ -128,10 +128,8 @@ class ClientTLSOptionsFactory(object):
 def __init__(self, config):
 # We don't use config options yet
- pass
+ self._options = CertificateOptions(verify=False)
 def get_options(self, host):
- return ClientTLSOptions(
- host,
- CertificateOptions(verify=False).getContext()
- )
+ # Use _makeContext so that we get a fresh OpenSSL CTX each time.
+ return ClientTLSOptions(host, self._options._makeContext())
-- cgit 1.5.1
From 2b2466f78bafe1d7083d32f1495f20746159b470 Mon Sep 17 00:00:00 2001
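Review bot: In `get_options` (last hunk) the new comment says a fresh OpenSSL CTX is wanted but not why, and the reason is what keeps a later cleanup from switching back to `getContext()`: `ClientTLSOptions.__init__` (third hunk) installs a per-host info callback on the context it is handed, so a context shared between hosts would carry only the most recent host's callback. I would spell that out, e.g. `# Each ClientTLSOptions sets its own info callback on the ctx, so it must not be shared between hosts; getContext() caches and would hand back the same one.` `_makeContext` is an underscore-prefixed Twisted method, so the comment should also say this relies on a private API, and a unit test that two `get_options` calls yield distinct contexts would catch a Twisted upgrade that changes it. Separately, `CertificateOptions(verify=False)` in `__init__` is now one long-lived object behind every outbound federation connection; a comment there stating that OpenSSL chain verification is off, and where the peer's identity is checked instead, would make that choice visible to the next reader. Both method bodies are shown in full, but the class header and the rest of `ClientTLSOptionsFactory` lie outside the hunk.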
From: Amber Brown
Date: Tue, 19 Feb 2019 16:18:48 +1100
Subject: changelog
---
 changelog.d/4674.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/4674.misc
diff --git a/changelog.d/4674.misc b/changelog.d/4674.misc
new file mode 100644
index 0000000000..84630bb201
--- /dev/null
+++ b/changelog.d/4674.misc
@@ -0,0 +1 @@
+Reduce the overhead of creating outbound federation connections over TLS by caching the TLS client options.
-- cgit 1.5.1
From 107aeb6915927a4278290dd3bdc5e01497a0dce0 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff
Date: Tue, 19 Feb 2019 10:18:48 +0000
Subject: misc->feature
---
 changelog.d/4674.feature | 1 +
 changelog.d/4674.misc | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 changelog.d/4674.feature
 delete mode 100644 changelog.d/4674.misc
diff --git a/changelog.d/4674.feature b/changelog.d/4674.feature
new file mode 100644
index 0000000000..84630bb201
--- /dev/null
+++ b/changelog.d/4674.feature
@@ -0,0 +1 @@
+Reduce the overhead of creating outbound federation connections over TLS by caching the TLS client options.
diff --git a/changelog.d/4674.misc b/changelog.d/4674.misc
deleted file mode 100644
index 84630bb201..0000000000
--- a/changelog.d/4674.misc
+++ /dev/null
@@ -1 +0,0 @@
-Reduce the overhead of creating outbound federation connections over TLS by caching the TLS client options.
-- cgit 1.5.1