author | David Sherret <dsherret@users.noreply.github.com> | 2023-05-01 16:42:05 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-01 16:42:05 -0400 |
commit | 913176313b6869eeb29b8d48e0c8d80227fa6544 (patch) | |
tree | cc0128b36ea9b22207a3dd41a401ae4ecd131e74 /ext/net | |
parent | ecc70eb58fd5531f3b93402cf781e93ef2bb4d64 (diff) |
perf: lazily create RootCertStore (#18938)
Diffstat (limited to 'ext/net')
-rw-r--r-- | ext/net/lib.rs | 17 | ||||
-rw-r--r-- | ext/net/ops_tls.rs | 9 |
2 files changed, 16 insertions, 10 deletions
diff --git a/ext/net/lib.rs b/ext/net/lib.rs
index ff67186b0..912b0723e 100644
--- a/ext/net/lib.rs
+++ b/ext/net/lib.rs
@@ -11,10 +11,12 @@ pub mod resolve_addr;
 use deno_core::error::AnyError;
 use deno_core::OpState;
 use deno_tls::rustls::RootCertStore;
+use deno_tls::RootCertStoreProvider;
 use std::cell::RefCell;
 use std::path::Path;
 use std::path::PathBuf;
 use std::rc::Rc;
+use std::sync::Arc;
 pub trait NetPermissions {
 fn check_net<T: AsRef<str>>(
@@ -67,7 +69,16 @@ pub fn get_declaration() -> PathBuf {
 #[derive(Clone)]
 pub struct DefaultTlsOptions {
- pub root_cert_store: Option<RootCertStore>,
+ pub root_cert_store_provider: Option<Arc<dyn RootCertStoreProvider>>,
+}
+
+impl DefaultTlsOptions {
+ pub fn root_cert_store(&self) -> Result<Option<RootCertStore>, AnyError> {
+ Ok(match &self.root_cert_store_provider {
+ Some(provider) => Some(provider.get_or_try_init()?.clone()),
+ None => None,
+ })
+ }
 }
 /// `UnsafelyIgnoreCertificateErrors` is a wrapper struct so it can be placed inside `GothamState`;
@@ -113,13 +124,13 @@ deno_core::extension!(deno_net,
 ],
 esm = [ "01_net.js", "02_tls.js" ],
 options = {
- root_cert_store: Option<RootCertStore>,
+ root_cert_store_provider: Option<Arc<dyn RootCertStoreProvider>>,
 unstable: bool,
 unsafely_ignore_certificate_errors: Option<Vec<String>>,
 },
 state = |state, options| {
 state.put(DefaultTlsOptions {
- root_cert_store: options.root_cert_store,
+ root_cert_store_provider: options.root_cert_store_provider,
 });
 state.put(UnstableChecker { unstable: options.unstable });
 state.put(UnsafelyIgnoreCertificateErrors(
diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs
index 8a7757066..b9b37b328 100644
--- a/ext/net/ops_tls.rs
+++ b/ext/net/ops_tls.rs
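Review bot: The new public `DefaultTlsOptions::root_cert_store()` in the `@@ -67,7 +69,16 @@` hunk has no doc comment, yet its three outcomes decide which trust anchors every TLS caller ends up with: `Ok(None)` when no provider is configured, `Ok(Some(..))` with a clone of the provider's store, and `Err` when `get_or_try_init()` fails. I would add `/// Returns a clone of the lazily initialised root store. Ok(None) means no provider was configured; a provider error is propagated, never mapped to None.` so that a later caller does not turn a failed load into a different set of roots. Because the store is now built on first use, a broken CA configuration presumably surfaces at the first TLS operation instead of at startup, and the same comment is a good place to say so.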
@@ -813,14 +813,10 @@ where
 .try_borrow::<UnsafelyIgnoreCertificateErrors>()
 .and_then(|it| it.0.clone());
- // TODO(@justinmchase): Ideally the certificate store is created once
- // and not cloned. The store should be wrapped in Arc<T> to reduce
- // copying memory unnecessarily.
 let root_cert_store = state
 .borrow()
 .borrow::<DefaultTlsOptions>()
- .root_cert_store
- .clone();
+ .root_cert_store()?;
 let resource_rc = state
 .borrow_mut()
@@ -912,8 +908,7 @@ where
 let root_cert_store = state
 .borrow()
 .borrow::<DefaultTlsOptions>()
- .root_cert_store
- .clone();
+ .root_cert_store()?;
 let hostname_dns = ServerName::try_from(&*addr.hostname)
 .map_err(|_| invalid_hostname(&addr.hostname))?;
 let connect_addr = resolve_addr(&addr.hostname, addr.port) |
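Review bot: The TODO deleted in the `@@ -813,14 +813,10 @@` hunk recorded that the root store should be shared rather than copied, but the copy is still made: `root_cert_store()` in ext/net/lib.rs ends in `.clone()`, so each call here and in the `@@ -912,8 +908,7 @@` hunk still gets its own `RootCertStore`. I would keep a one-line reminder next to that clone, for example `// TODO: hand out a shared store instead of cloning on every call`, so the outstanding work is not lost with this commit. The added `?` makes both call sites fail when the provider cannot build the store, which is the safe direction for trust-anchor loading. Both enclosing functions start and end outside the hunks, so I could not confirm how that error is reported to the caller.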