mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-10 00:57:02 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: don't initialize the keylog callback when not required

Browse Source 
The registering of the keylog callback seems to provoke a loss of
performance. Disable the registration as well as the fetches if
tune.ssl.keylog is off.

Must be backported as far as 2.2.
This commit is contained in:
William Lallemand 2022-11-18 15:00:15 +01:00
parent dfefebcd7a
commit b60a77b6d0
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/ssl_sample.c
View File

@ -1855,6 +1855,9 @@ static int smp_fetch_ssl_x_keylog(const struct arg *args, struct sample *smp, co
char *src = NULL;
const char *sfx;
if (global_ssl.keylog <= 0)
return 0;
conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
smp->strm ? sc_conn(smp->strm->scb) : NULL;

2
src/ssl_sock.c
View File

@ -4979,6 +4979,8 @@ static int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_con
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
#endif
#ifdef HAVE_SSL_KEYLOG
/* only activate the keylog callback if it was required to prevent performance loss */
if (global_ssl.keylog > 0)
SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
#endif