You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/05/20 07:22:19 UTC
[apisix] 02/07: perf: avoid rematching SSL when our customized Nginx is used (#6970)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch release/2.10
in repository https://gitbox.apache.org/repos/asf/apisix.git
commit 5a4a5bfff206507ad5ba6557699b16e57c3bd742
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Thu May 5 14:12:26 2022 +0800
perf: avoid rematching SSL when our customized Nginx is used (#6970)
Signed-off-by: spacewander <sp...@gmail.com>
---
apisix/init.lua | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/apisix/init.lua b/apisix/init.lua
index a4a0fdd11..06daccab2 100644
--- a/apisix/init.lua
+++ b/apisix/init.lua
@@ -52,6 +52,11 @@ if ngx.config.subsystem == "http" then
control_api_router = require("apisix.control.router")
end
+local ok, apisix_base_flags = pcall(require, "resty.apisix.patch")
+if not ok then
+ apisix_base_flags = {}
+end
+
local load_balancer
local local_conf
local ver_header = "APISIX/" .. core.version.VERSION
@@ -309,6 +314,12 @@ end
local function verify_tls_client(ctx)
+ if apisix_base_flags.client_cert_verified_in_handshake then
+ -- For apisix-base, there is no need to rematch SSL rules as the invalid
+ -- connections are already rejected in the handshake
+ return true
+ end
+
if ctx and ctx.ssl_client_verified then
local res = ngx_var.ssl_client_verify
if res ~= "SUCCESS" then