#292 Memory leak when using secure sockets

closed
nobody
Net (141)
5
2012-09-14
2009-09-22
Anonymous
No

There is a large memory leak when using secure sockets. The leak is associated with socket connections coming and going. Attached is a sample program to demonstrate the leak.

Discussion

  • Sample program demonstrating the leak

     
    Attachments
  • I am currently looking into it. Seems to be related to certificate validation.

     
  • Hi,
    One thing that I notice with the SSL code is that most other programs call SSL_CTX_set_options at some point during a context setup. This function implements various fixups() supplied by openssl. Might I suggest adding SSL_CTX_set_options (_pSSLContext, SSL_OP_ALL); into Context.cpp somewhere as soon after SSL_CTX_new as possible.
    I’ll add more comments with any other ideas I have.
    (
    ) info about this function and the fixups can be found here:
    http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
    Thanks,
    Alex

     
  • Okay, got it. There was a refcounting bug in the Crypto::X509Certificate constructor taking a X509*. This is not the whole story, though. The rapid growth of memory usage is caused by the OpenSSL session cache. After adding the line

    SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF);

    to the Context constructor to turn off the session cache, the memory usage in the sample remains constant.
    For now, we'll turn off the session cache in the Context constructor, and add some methods to explicitely turn it back on if desired.

     
  • fixed in 1.3.6, rev. 1285.