Don't allocate unnecessary SslCtx (#103720)

rzikm · web-flow · commit 8382cf16a625 · 2024-06-20T13:09:55.000+02:00
diff --git a/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs b/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs
@@ -160,7 +160,6 @@ internal static SafeSslContextHandle GetOrCreateSslContextHandle(SslAuthenticati
             if (sslAuthenticationOptions.IsClient)
             {
                 var key = new SslContextCacheKey(protocols, sslAuthenticationOptions.CertificateContext?.TargetCertificate.GetCertHash(HashAlgorithmName.SHA256));
-
                 return s_clientSslContexts.GetOrCreate(key, static (args) =>
                 {
                     var (sslAuthOptions, protocols, allowCached) = args;
@@ -173,14 +172,13 @@ internal static SafeSslContextHandle GetOrCreateSslContextHandle(SslAuthenticati
 
             bool hasAlpn = sslAuthenticationOptions.ApplicationProtocols != null && sslAuthenticationOptions.ApplicationProtocols.Count != 0;
 
-            SafeSslContextHandle? handle = AllocateSslContext(sslAuthenticationOptions, protocols, allowCached);
-
-            if (!sslAuthenticationOptions.CertificateContext!.SslContexts!.TryGetValue(protocols | (hasAlpn ? FakeAlpnSslProtocol : SslProtocols.None), out handle))
+            SslProtocols serverCacheKey = protocols | (hasAlpn ? FakeAlpnSslProtocol : SslProtocols.None);
+            if (!sslAuthenticationOptions.CertificateContext!.SslContexts!.TryGetValue(serverCacheKey, out SafeSslContextHandle? handle))
             {
                 // not found in cache, create and insert
                 handle = AllocateSslContext(sslAuthenticationOptions, protocols, allowCached);
 
-                SafeSslContextHandle cached = sslAuthenticationOptions.CertificateContext!.SslContexts!.GetOrAdd(protocols | (hasAlpn ? FakeAlpnSslProtocol : SslProtocols.None), handle);
+                SafeSslContextHandle cached = sslAuthenticationOptions.CertificateContext!.SslContexts!.GetOrAdd(serverCacheKey, handle);
 
                 if (handle != cached)
                 {

Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,6 @@ internal static SafeSslContextHandle GetOrCreateSslContextHandle(SslAuthenticati`
`160`	`160`	`if (sslAuthenticationOptions.IsClient)`
`161`	`161`	`{`
`162`	`162`	`var key = new SslContextCacheKey(protocols, sslAuthenticationOptions.CertificateContext?.TargetCertificate.GetCertHash(HashAlgorithmName.SHA256));`
`163`		`-`
`164`	`163`	`return s_clientSslContexts.GetOrCreate(key, static (args) =>`
`165`	`164`	`{`
`166`	`165`	`var (sslAuthOptions, protocols, allowCached) = args;`
`@@ -173,14 +172,13 @@ internal static SafeSslContextHandle GetOrCreateSslContextHandle(SslAuthenticati`
`173`	`172`
`174`	`173`	`bool hasAlpn = sslAuthenticationOptions.ApplicationProtocols != null && sslAuthenticationOptions.ApplicationProtocols.Count != 0;`
`175`	`174`
`176`		`- SafeSslContextHandle? handle = AllocateSslContext(sslAuthenticationOptions, protocols, allowCached);`
`177`		`-`
`178`		`- if (!sslAuthenticationOptions.CertificateContext!.SslContexts!.TryGetValue(protocols \| (hasAlpn ? FakeAlpnSslProtocol : SslProtocols.None), out handle))`
	`175`	`+ SslProtocols serverCacheKey = protocols \| (hasAlpn ? FakeAlpnSslProtocol : SslProtocols.None);`
	`176`	`+ if (!sslAuthenticationOptions.CertificateContext!.SslContexts!.TryGetValue(serverCacheKey, out SafeSslContextHandle? handle))`
`179`	`177`	`{`
`180`	`178`	`// not found in cache, create and insert`
`181`	`179`	`handle = AllocateSslContext(sslAuthenticationOptions, protocols, allowCached);`
`182`	`180`
`183`		`- SafeSslContextHandle cached = sslAuthenticationOptions.CertificateContext!.SslContexts!.GetOrAdd(protocols \| (hasAlpn ? FakeAlpnSslProtocol : SslProtocols.None), handle);`
	`181`	`+ SafeSslContextHandle cached = sslAuthenticationOptions.CertificateContext!.SslContexts!.GetOrAdd(serverCacheKey, handle);`
`184`	`182`
`185`	`183`	`if (handle != cached)`
`186`	`184`	`{`