BUG/MINOR: ssl: don't initialize the keylog callback when not required
The registering of the keylog callback seems to provoke a loss of
performance. Disable the registration as well as the fetches if
tune.ssl.keylog is off.
Must be backported as far as 2.2.
(cherry picked from commit b60a77b6d0a50c3a006b541908f69d6bd91b3e8c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit a054cb61bab4f1a8c23c65ffac5aa29dfcf7bf80)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit fdc40821ce7f0ce7267bfc9e31ff30527950a6c2)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 5509e1f..f1ee39d 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -1198,6 +1198,9 @@
char *src = NULL;
const char *sfx;
+ if (global_ssl.keylog <= 0)
+ return 0;
+
conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3224c96..aeeb3c9 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4467,7 +4467,9 @@
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
#endif
#ifdef HAVE_SSL_KEYLOG
- SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
+ /* only activate the keylog callback if it was required to prevent performance loss */
+ if (global_ssl.keylog > 0)
+ SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
#endif
#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)