crypto/tls: cache Leaf certificate during BuildNameToCertificate

I am working on a TLS server program, which issues new TLS certificates on demand. The new certificates will be added into tls.Config.Certificates. BuildNameToCertificate will be called to refresh the name table afterwards. This change will reduce some workload on existing certificates. Note that you can’t modify the Certificates field (or call BuildNameToCertificate) on a Config in use by a Server. You can however modify an unused Config that gets cloned in GetConfigForClient with appropriate locking. Change-Id: I7bdb7d23fc5d68df83c73f3bfa3ba9181d38fbde GitHub-Last-Rev: c3788f4116be47f2fdb777935c421e7dd694f5c8 GitHub-Pull-Request: golang/go#24920 Reviewed-on: https://go-review.googlesource.com/c/107627 Reviewed-by: Filippo Valsorda <filippo@golang.org>
2025-04-03 20:17:36 +03:00 · 2018-10-31 14:37:26 +00:00 · 2018-10-31 14:37:26 +00:00 · 9ba50a7a9f
commit 9ba50a7a9f
parent 5aa5e4cef7
1 changed files with 7 additions and 3 deletions
--- a/common.go
+++ b/common.go
@ -765,10 +765,14 @@ func (c *Config) BuildNameToCertificate() {
 	c.NameToCertificate = make(map[string]*Certificate)
 	for i := range c.Certificates {
 		cert := &c.Certificates[i]
-		x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
-		if err != nil {
-			continue
+		if cert.Leaf == nil {
+			x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
+			if err != nil {
+				continue
+			}
+			cert.Leaf = x509Cert
 		}
+		x509Cert := cert.Leaf
 		if len(x509Cert.Subject.CommonName) > 0 {
 			c.NameToCertificate[x509Cert.Subject.CommonName] = cert
 		}