Is it possible that this is related to http://stunnel.mirt.net/pipermail/stunnel-users/2011-March/002982.html?
Basically, there is a memory leak in the code that creates pthreads.
Paul
-----Original Message----- From: stunnel-users-bounces@stunnel.org [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Michal Trojnara Sent: Monday, April 11, 2011 10:13 AM To: stunnel-users@stunnel.org Subject: Re: [stunnel-users] Possible leak in client.c:init_ssl()
Sven Ulland wrote:
Quick summary: Stunnel 4.35 configured with four services. As clients connect, the main stunnel process grows a lot in vsz/rss memory. With a lot of clients connecting, it quickly grows to several gigabytes rss.
Thank you very much for the report. Stunnel does not call zlib directly, so OpenSSL should call the appropriate cleanup functions of zlib.
The Massif log indicates that most of the memory is allocated through client.c:init_ssl(), by libssl and zlib. I haven't looked too much at the code yet, but could this be related to the high rate of connection resets/timeouts, combined with connection/session reuse?
I guess you're right. A trivial workaround would be to build OpenSSL without zlib. 8-)
BTW: What is your version of OpenSSL?
Best regards, Mike _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users