c-taylor opened a new pull request, #13097: URL: https://github.com/apache/trafficserver/pull/13097
Replace the ink_mutex in OCSP stapling with ts::bravo::shared_mutex to allow true reader concurrency on the TLS handshake hot path. BRAVO provides a lock-free fast path for readers via per-thread atomic slots, avoiding the shared counter bounce of std::shared_mutex. Skip the SSL_get_certificate() call in the OCSP stapling callback when only one certificate exists in the map, avoiding a DER re-parse on every handshake. On older Intel systems this gave +5% HS/sec Give certinfo a proper destructor to consolidate resource cleanup and fix two pre-existing leaks (cid and BoringSSL cert ref). Fix a pre-existing bug where the error path in ssl_stapling_init_cert could delete a certinfo_map still owned by the SSL_CTX. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
