Try and make TLS federation client code faster (#4674)

* fix to use makeContext so that we don't need to rebuild the certificateoptions each time
Richard van der Hoff 2019-02-19 10:19:16 +00:00 committed by GitHub
commit 7c70b8f8a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 8 deletions

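--- a/changelog.d/4674.feature
+++ b/changelog.d/4674.feature
@@ -0,0 +1 @@
+Reduce the overhead of creating outbound federation connections over TLS by caching the TLS client options.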


@ -1,4 +1,5 @@
# Copyright 2014-2016 OpenMarket Ltd # Copyright 2014-2016 OpenMarket Ltd
# Copyright 2019 New Vector Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import logging import logging
from zope.interface import implementer from zope.interface import implementer
@ -105,9 +107,7 @@ class ClientTLSOptions(object):
self._hostnameBytes = _idnaBytes(hostname) self._hostnameBytes = _idnaBytes(hostname)
self._sendSNI = True self._sendSNI = True
ctx.set_info_callback( ctx.set_info_callback(_tolerateErrors(self._identityVerifyingInfoCallback))
_tolerateErrors(self._identityVerifyingInfoCallback)
)
def clientConnectionForTLS(self, tlsProtocol): def clientConnectionForTLS(self, tlsProtocol):
context = self._ctx context = self._ctx
@ -128,10 +128,8 @@ class ClientTLSOptionsFactory(object):
def __init__(self, config): def __init__(self, config):
# We don't use config options yet # We don't use config options yet
pass self._options = CertificateOptions(verify=False)
def get_options(self, host): def get_options(self, host):
return ClientTLSOptions( # Use _makeContext so that we get a fresh OpenSSL CTX each time.
host, return ClientTLSOptions(host, self._options._makeContext())
CertificateOptions(verify=False).getContext()
)
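Review bot: The new comment in `get_options` says a fresh OpenSSL context is wanted but not why, and the reason is security-relevant: `ClientTLSOptions.__init__` installs a per-hostname callback with `ctx.set_info_callback(...)` (previous hunk), so a context shared between hosts would keep only the callback of whichever host was set up last. Now that the `CertificateOptions` object is reused, `getContext()` would, as far as I know, return the same cached context on every call, so I would state the constraint directly: `# Each ClientTLSOptions sets its own per-host info callback on the ctx, so the ctx must never be shared; getContext() caches, hence the private _makeContext().` `_makeContext` is a private Twisted method, so the comment should also record that a Twisted upgrade can break this call. Separately, `self._options = CertificateOptions(verify=False)` now sits under "We don't use config options yet", which no longer describes the line below it; replace it with `# Certificate verification is disabled for all outbound federation connections.` so the policy is visible where it is set. Both class bodies start outside the hunks shown.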