Try and make TLS federation client code faster (#4674)

* fix to use makeContext so that we don't need to rebuild the certificateoptions each time

Try and make TLS federation client code faster (#4674)
7c70b8f8 · Richard van der Hoff · GitHub · 968a30a7 · 107aeb69 · 7c70b8f8
Unverified Commit 7c70b8f8 authored 6 years ago by Richard van der Hoff Committed by GitHub 6 years ago
--- a/changelog.d/4674.feature
+++ b/changelog.d/4674.feature
+Reduce the overhead of creating outbound federation connections over TLS by caching the TLS client options.
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
 # Copyright 2014-2016 OpenMarket Ltd
+# Copyright 2019 New Vector Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 import logging

 from zope.interface import implementer
@@ -105,9 +107,7 @@ class ClientTLSOptions(object):
            self._hostnameBytes = _idnaBytes(hostname)
            self._sendSNI = True

-        ctx.set_info_callback(
-            _tolerateErrors(self._identityVerifyingInfoCallback)
-        )
+        ctx.set_info_callback(_tolerateErrors(self._identityVerifyingInfoCallback))

    def clientConnectionForTLS(self, tlsProtocol):
        context = self._ctx
@@ -128,10 +128,8 @@ class ClientTLSOptionsFactory(object):

    def __init__(self, config):
        # We don't use config options yet
-        pass
+        self._options = CertificateOptions(verify=False)

    def get_options(self, host):
-        return ClientTLSOptions(
-            host,
-            CertificateOptions(verify=False).getContext()
-        )
+        # Use _makeContext so that we get a fresh OpenSSL CTX each time.
+        return ClientTLSOptions(host, self._options._makeContext())