Try and make TLS federation client code faster (#4674)
* fix to use makeContext so that we don't need to rebuild the certificateoptions each time
commit
7c70b8f8a6
|
@ -0,0 +1 @@
|
||||||
|
Reduce the overhead of creating outbound federation connections over TLS by caching the TLS client options.
|
|
@ -1,4 +1,5 @@
|
||||||
# Copyright 2014-2016 OpenMarket Ltd
|
# Copyright 2014-2016 OpenMarket Ltd
|
||||||
|
# Copyright 2019 New Vector Ltd
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
@ -11,6 +12,7 @@
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from zope.interface import implementer
|
from zope.interface import implementer
|
||||||
|
@ -105,9 +107,7 @@ class ClientTLSOptions(object):
|
||||||
self._hostnameBytes = _idnaBytes(hostname)
|
self._hostnameBytes = _idnaBytes(hostname)
|
||||||
self._sendSNI = True
|
self._sendSNI = True
|
||||||
|
|
||||||
ctx.set_info_callback(
|
ctx.set_info_callback(_tolerateErrors(self._identityVerifyingInfoCallback))
|
||||||
_tolerateErrors(self._identityVerifyingInfoCallback)
|
|
||||||
)
|
|
||||||
|
|
||||||
def clientConnectionForTLS(self, tlsProtocol):
|
def clientConnectionForTLS(self, tlsProtocol):
|
||||||
context = self._ctx
|
context = self._ctx
|
||||||
|
@ -128,10 +128,8 @@ class ClientTLSOptionsFactory(object):
|
||||||
|
|
||||||
def __init__(self, config):
|
def __init__(self, config):
|
||||||
# We don't use config options yet
|
# We don't use config options yet
|
||||||
pass
|
self._options = CertificateOptions(verify=False)
|
||||||
|
|
||||||
def get_options(self, host):
|
def get_options(self, host):
|
||||||
return ClientTLSOptions(
|
# Use _makeContext so that we get a fresh OpenSSL CTX each time.
|
||||||
host,
|
return ClientTLSOptions(host, self._options._makeContext())
|
||||||
CertificateOptions(verify=False).getContext()
|
|
||||||
)
|
|
||||||
|
|
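Review bot: In `get_options`, the new comment says a fresh OpenSSL CTX is wanted but not why, and the call relies on `CertificateOptions._makeContext()`, a private Twisted method that may change between releases. The reason appears to be the `ctx.set_info_callback(...)` call in the `ClientTLSOptions` hunk above: each instance installs its own callback on the context it is handed, so a context shared through `getContext()` would carry only the last host's callback. I would spell that out, e.g. `# Each ClientTLSOptions sets its own info callback on the context, so it must not be shared; _makeContext() is private Twisted API.` Separately, `CertificateOptions(verify=False)` is now a long-lived cached object, so a comment in `__init__` saying where the federation peer's certificate is actually validated would help, since chain verification is disabled here. Both class bodies extend beyond the visible hunks.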