From 0c3c7278f53f3de05f9ff6f6b0c36d97da30ff77 Mon Sep 17 00:00:00 2001
From: Username
Date: Tue, 17 Feb 2026 21:28:36 +0100
Subject: [PATCH] rocksock: cache SSL contexts to avoid repeated CA store loads
set_default_verify_paths was called per connection (2k+/cycle), spending ~24s reloading the CA store from disk. Cache two shared contexts (verify/noverify) at module level instead.
---
 rocksock.py | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/rocksock.py b/rocksock.py
index 35a3f4d..c204f15 100644
--- a/rocksock.py
+++ b/rocksock.py
@@ -21,6 +21,25 @@ import socket, ssl, select, copy, errno
 import network_stats
+# Cached SSL contexts -- avoids reloading CA store from disk on every connection
+_ssl_ctx_noverify = None
+_ssl_ctx_verify = None
+
+def _get_ssl_context(verifycert=False):
+ global _ssl_ctx_noverify, _ssl_ctx_verify
+ if verifycert:
+ if _ssl_ctx_verify is None:
+ _ssl_ctx_verify = ssl.create_default_context()
+ _ssl_ctx_verify.check_hostname = True
+ _ssl_ctx_verify.verify_mode = ssl.CERT_OPTIONAL
+ return _ssl_ctx_verify
+ else:
+ if _ssl_ctx_noverify is None:
+ _ssl_ctx_noverify = ssl.create_default_context()
+ _ssl_ctx_noverify.check_hostname = False
+ _ssl_ctx_noverify.verify_mode = ssl.CERT_NONE
+ return _ssl_ctx_noverify
+
 # rs_proxyType
 RS_PT_NONE = 0
 RS_PT_SOCKS4 = 1
@@ -210,12 +229,7 @@ def RocksockProxyFromURL(url):
 class Rocksock():
 def __init__(self, host=None, port=0, verifycert=False, timeout=0, proxies=None, **kwargs):
 if 'ssl' in kwargs and kwargs['ssl'] == True:
- self.sslcontext = ssl.create_default_context()
- self.sslcontext.check_hostname = False
- self.sslcontext.verify_mode = ssl.CERT_NONE
- if verifycert:
- self.sslcontext.verify_mode = ssl.CERT_OPTIONAL
- self.sslcontext.check_hostname = True
+ self.sslcontext = _get_ssl_context(verifycert)
 else:
 self.sslcontext = None
 self.proxychain = []
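Review bot: `_get_ssl_context` stores the new context in the module global before `check_hostname` and `verify_mode` are set, so if connections are opened from several threads a second caller can pass the `is None` test and receive a context that still has the `create_default_context()` defaults; that fails closed here, but configuring a local and assigning the global last removes the window. The second hunk makes `self.sslcontext` an alias of this shared object, so any code that later changes settings on it (none is visible in the diff) would change TLS policy for every connection, which a comment marking the cached contexts as read-only would make explicit. On a client context `ssl.CERT_OPTIONAL` has the same meaning as `ssl.CERT_REQUIRED`, and the latter is the documented spelling for client sockets. The sketch below shows the function with those changes.

```python
# Cached contexts are shared by every Rocksock instance: treat them as read-only.
def _get_ssl_context(verifycert=False):
    global _ssl_ctx_noverify, _ssl_ctx_verify
    if verifycert:
        if _ssl_ctx_verify is None:
            ctx = ssl.create_default_context()
            ctx.check_hostname = True
            ctx.verify_mode = ssl.CERT_REQUIRED
            _ssl_ctx_verify = ctx  # publish only once fully configured
        return _ssl_ctx_verify
    if _ssl_ctx_noverify is None:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
        ctx.verify_mode = ssl.CERT_NONE
        _ssl_ctx_noverify = ctx
    return _ssl_ctx_noverify
```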