BUG/MINOR: ssl: don't initialize the keylog callback when not required

The registering of the keylog callback seems to provoke a loss of
performance. Disable the registration as well as the fetches if
tune.ssl.keylog is off.

Must be backported as far as 2.2.

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 7eee065fde17bea8d58a19455fb76f53b66a1dea..30a616253ecf09de908715b0b3855c58835a6d88 100644 (file)
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -1855,6 +1855,9 @@ static int smp_fetch_ssl_x_keylog(const struct arg *args, struct sample *smp, co
        char *src = NULL;
        const char *sfx;
 
+       if (global_ssl.keylog <= 0)
+               return 0;
+
        conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
               smp->strm ? sc_conn(smp->strm->scb) : NULL;
 

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e066f286d771658d47afdfd3b9870f593e83c504..2a4d64429a5efd3078cbb5ddee81eb8500d4826b 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4979,7 +4979,9 @@ static int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_con
        SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
 #endif
 #ifdef HAVE_SSL_KEYLOG
-       SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
+       /* only activate the keylog callback if it was required to prevent performance loss */
+       if (global_ssl.keylog > 0)
+               SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
 #endif
 
 #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)