BUG/MINOR: ssl: don't initialize the keylog callback when not required
The registering of the keylog callback seems to provoke a loss of
performance. Disable the registration as well as the fetches if
tune.ssl.keylog is off.
Must be backported as far as 2.2.
(cherry picked from commit b60a77b6d0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
committed by
Christopher Faulet
parent
369c66d040
commit
a054cb61ba
@ -1837,6 +1837,9 @@ static int smp_fetch_ssl_x_keylog(const struct arg *args, struct sample *smp, co
|
|||||||
char *src = NULL;
|
char *src = NULL;
|
||||||
const char *sfx;
|
const char *sfx;
|
||||||
|
|
||||||
|
if (global_ssl.keylog <= 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
|
conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
|
||||||
smp->strm ? sc_conn(smp->strm->scb) : NULL;
|
smp->strm ? sc_conn(smp->strm->scb) : NULL;
|
||||||
|
|
||||||
|
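Review bot: The new early return in `smp_fetch_ssl_x_keylog` carries no comment, and it makes every keylog fetch silently yield no sample when `tune.ssl.keylog` is off. These fetches expose TLS session secrets, so the guard is also where that exposure is switched off; a line such as `/* secrets are only collected when tune.ssl.keylog is on; nothing to return otherwise */` above `if (global_ssl.keylog <= 0)` would record that. A configuration that references a keylog fetch with the tunable off will now produce empty values at run time with no diagnostic, so a warning at configuration parsing would help if the fetch registration (outside this hunk) allows one. The function body starts and ends outside the hunk.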
@ -4963,7 +4963,9 @@ static int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_con
|
|||||||
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
|
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_SSL_KEYLOG
|
#ifdef HAVE_SSL_KEYLOG
|
||||||
SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
|
/* only activate the keylog callback if it was required to prevent performance loss */
|
||||||
|
if (global_ssl.keylog > 0)
|
||||||
|
SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
||||||
|
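Review bot: Only the bind-side context is guarded here, while the fetch changed in the other hunk also serves backend connections (its `kw[4] != 'b'` test selects `smp->strm->scb`). If a server-side context setup elsewhere also calls `SSL_CTX_set_keylog_callback`, it needs the same `if (global_ssl.keylog > 0)` test, otherwise backend handshakes keep paying the cost and keep handing key material to the callback while the fetch returns nothing; that code is not visible on this page. The added comment could also name the tunable and the second reason, e.g. `/* register the keylog callback only when tune.ssl.keylog is on: it is costly and receives the session secrets */`. `ssl_sock_prepare_ctx` starts and ends outside the hunk.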