You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/05/05 06:12:31 UTC
[apisix] branch master updated: perf: avoid rematching SSL when our customized Nginx is used (#6970)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new b7bb40fa2 perf: avoid rematching SSL when our customized Nginx is used (#6970)
b7bb40fa2 is described below
commit b7bb40fa2271e61efedd80f86286bc18dd581e45
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Thu May 5 14:12:26 2022 +0800
perf: avoid rematching SSL when our customized Nginx is used (#6970)
Signed-off-by: spacewander <sp...@gmail.com>
---
apisix/init.lua | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/apisix/init.lua b/apisix/init.lua
index 7eebd2de3..12fa94037 100644
--- a/apisix/init.lua
+++ b/apisix/init.lua
@@ -62,6 +62,11 @@ if ngx.config.subsystem == "http" then
control_api_router = require("apisix.control.router")
end
+local ok, apisix_base_flags = pcall(require, "resty.apisix.patch")
+if not ok then
+ apisix_base_flags = {}
+end
+
local load_balancer
local local_conf
local ver_header = "APISIX/" .. core.version.VERSION
@@ -228,6 +233,12 @@ end
local function verify_tls_client(ctx)
+ if apisix_base_flags.client_cert_verified_in_handshake then
+ -- For apisix-base, there is no need to rematch SSL rules as the invalid
+ -- connections are already rejected in the handshake
+ return true
+ end
+
local matched = router.router_ssl.match_and_set(ctx, true)
if not matched then
return true