BUG/MINOR: ssl: don't initialize the keylog callback when not required The registering of the keylog callback seems to provoke a loss of performance. Disable the registration as well as the fetches if tune.ssl.keylog is off. Must be backported as far as 2.2. (cherry picked from commit b60a77b6d0a50c3a006b541908f69d6bd91b3e8c) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com> (cherry picked from commit a054cb61bab4f1a8c23c65ffac5aa29dfcf7bf80) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com> (cherry picked from commit fdc40821ce7f0ce7267bfc9e31ff30527950a6c2) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

commit: 2cb86e7eb2288139cc31e47a7cf35ba6c5d69406 [log] [tgz]
author: William Lallemand <wlallemand@haproxy.org> Fri Nov 18 15:00:15 2022 +0100
committer: Christopher Faulet <cfaulet@haproxy.com> Fri Nov 25 11:48:55 2022 +0100
tree: b5e5dc0b0fee322ed7f8e9ca5daa08247325cc6b
parent: 32e8e9b39365afd428279d42e371749f9b424cce [diff] [blame]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3224c96..aeeb3c9 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -4467,7 +4467,9 @@
 	SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
 #endif
 #ifdef HAVE_SSL_KEYLOG
-	SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
+	/* only activate the keylog callback if it was required to prevent performance loss */
+	if (global_ssl.keylog > 0)
+		SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
 #endif
 
 #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
commit	2cb86e7eb2288139cc31e47a7cf35ba6c5d69406	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Fri Nov 18 15:00:15 2022 +0100
committer	Christopher Faulet <cfaulet@haproxy.com>	Fri Nov 25 11:48:55 2022 +0100
tree	b5e5dc0b0fee322ed7f8e9ca5daa08247325cc6b
parent	32e8e9b39365afd428279d42e371749f9b424cce [diff] [blame]