From ef44627852ce831407d54c09d7a100e3ca41b9a6 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Sat, 20 Feb 2021 18:03:04 +0300
Subject: [PATCH] SSL: added check for debugging.

If debugging is not enabled, there is no need to do extra work in
ngx_ssl_verify_callback() and ngx_ssl_handshake_log().
---
 src/event/ngx_event_openssl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 48b3192b1..d762d6b7f 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1014,6 +1014,10 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
 
     c = ngx_ssl_get_connection(ssl_conn);
 
+    if (!(c->log->log_level & NGX_LOG_DEBUG_EVENT)) {
+        return 1;
+    }
+
     cert = X509_STORE_CTX_get_current_cert(x509_store);
     err = X509_STORE_CTX_get_error(x509_store);
     depth = X509_STORE_CTX_get_error_depth(x509_store);
@@ -1970,6 +1974,10 @@ ngx_ssl_handshake_log(ngx_connection_t *c)
 #endif
     SSL_CIPHER  *cipher;
 
+    if (!(c->log->log_level & NGX_LOG_DEBUG_EVENT)) {
+        return;
+    }
+
     cipher = SSL_get_current_cipher(c->ssl->connection);
 
     if (cipher) {