wolfssl: avoid calling get_cached_x509_store if store is uncachable #14306

Closed
wants to merge 1 commit into from


@alexsn alexsn commented Jul 30, 2024

There's no need for get_cached_x509_store call if the return value won't be used for caching anyway.

@github-actions github-actions bot added the TLS label Jul 30, 2024
@alexsn alexsn changed the title wolfssl: avoid X509_STORE caching in the presence of CURLOPT_SSL_CTX_… wolfssl: avoid X509_STORE caching in the presence of CURLOPT_SSL_CTX_FUNCTION Jul 30, 2024
@bagder
Member

bagder commented Jul 30, 2024

@icing, @dfandrich and I discussed this a bit. It is not clear that a user prefers to disable CA caching just because they use the callback, because it is quite a significant performance blow and there are numerous use cases for the callback that do not alter the CA store at all. Or that alter it but are fine with it remaining in memory.

So, we now stress the caching details in the CTX callback documentation: 674e102

Don't you think that is enough? It is a minor behavior difference, but I think for the good for almost everyone.

@alexsn
Author

alexsn commented Jul 30, 2024

> Don't you think that is enough? It is a minor behavior difference, but I think for the good for almost everyone.

Yeah, I think it's fine. I'll update the PR to avoid calling get_cached_x509_store if cache_criteria_met == FALSE

There's no need for get_cached_x509_store call if the return value won't
be used for caching anyway.
@alexsn alexsn force-pushed the wolfssl_limit_x509_store_caching branch from 9799ec9 to 199fa2c Compare July 30, 2024 09:09
@alexsn alexsn changed the title wolfssl: avoid X509_STORE caching in the presence of CURLOPT_SSL_CTX_FUNCTION wolfssl: avoid calling get_cached_x509_store if store is uncachable Jul 30, 2024
@bagder bagder closed this in f87a958 Jul 30, 2024
@bagder
Member

bagder commented Jul 30, 2024

Thanks!

@alexsn alexsn deleted the wolfssl_limit_x509_store_caching branch July 30, 2024 11:15