This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.13 in repository https://gitbox.apache.org/repos/asf/apisix.git
commit 047f770508d8a76b307f6d16f1582ac4e5a56747 Author: 罗泽轩 <[email protected]> AuthorDate: Thu May 5 14:12:26 2022 +0800 perf: avoid rematching SSL when our customized Nginx is used (#6970) Signed-off-by: spacewander <[email protected]> --- apisix/init.lua | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/apisix/init.lua b/apisix/init.lua index 4717646de..a2eb17d1c 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -63,6 +63,11 @@ if ngx.config.subsystem == "http" then control_api_router = require("apisix.control.router") end +local ok, apisix_base_flags = pcall(require, "resty.apisix.patch") +if not ok then + apisix_base_flags = {} +end + local load_balancer local local_conf local ver_header = "APISIX/" .. core.version.VERSION @@ -310,6 +315,12 @@ end local function verify_tls_client(ctx) + if apisix_base_flags.client_cert_verified_in_handshake then + -- For apisix-base, there is no need to rematch SSL rules as the invalid + -- connections are already rejected in the handshake + return true + end + local matched = router.router_ssl.match_and_set(ctx, true) if not matched then return true
