From b60a77b6d0a50c3a006b541908f69d6bd91b3e8c Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Fri, 18 Nov 2022 15:00:15 +0100
Subject: [PATCH] BUG/MINOR: ssl: don't initialize the keylog callback when not required

The registering of the keylog callback seems to provoke a loss of performance. Disable the registration as well as the fetches if tune.ssl.keylog is off. Must be backported as far as 2.2.
---
 src/ssl_sample.c | 3 +++
 src/ssl_sock.c | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 7eee065fde..30a616253e 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -1855,6 +1855,9 @@ static int smp_fetch_ssl_x_keylog(const struct arg *args, struct sample *smp, co
 char *src = NULL;
 const char *sfx;
+ if (global_ssl.keylog <= 0)
+ return 0;
+
 conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) : smp->strm ? sc_conn(smp->strm->scb) : NULL;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e066f286d7..2a4d64429a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4979,7 +4979,9 @@ static int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_con
 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
 #endif
 #ifdef HAVE_SSL_KEYLOG
- SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
+ /* only activate the keylog callback if it was required to prevent performance loss */
+ if (global_ssl.keylog > 0)
+ SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
 #endif
 #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
--
2.47.3
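Review bot: The early return added to smp_fetch_ssl_x_keylog in src/ssl_sample.c carries no comment, so a reader cannot tell that returning 0 here means "no secret was ever captured" rather than a fetch error. I would add above the guard `/* the keylog callback is only registered when tune.ssl.keylog is on, so there is nothing to fetch otherwise */`. From the operator's side the fetch presumably just yields no sample, so a configuration that references these secrets with the setting off fails silently; whether a parse-time warning exists cannot be seen in this patch. The function body starts and ends outside the hunk.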
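Review bot: The registration guard in src/ssl_sock.c is added only to ssl_sock_prepare_ctx, which takes a bind_conf, while the fetch in src/ssl_sample.c also serves a backend variant (`kw[4] != 'b'`). If a server-side context registers SSL_CTX_keylog elsewhere, that path is not visible in this patch and would need the same `if (global_ssl.keylog > 0)` test to match the fetch behaviour. The new comment is also ambiguous ("required to prevent performance loss" can be read as one phrase). Something like `/* register the keylog callback only when tune.ssl.keylog is on: it costs performance and hands session secrets to the application */` states both reasons for keeping it off by default. The function body starts and ends outside the hunk.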