Quick summary: Stunnel 4.35 configured with four services. As clients connect, the main stunnel process grows a lot in vsz/rss memory. With a lot of clients connecting, it quickly grows to several gigabytes rss.
The use case is quite special: The multithreaded download accelerator 'axel' is used to download large files using 800 simultaneous threads. The downloads are from China, so the network performance is horrible, and connections are reset/broken all the time, so there is lots of new connections created constantly. Up to four axel instances run at the same time, so we're talking 3200 simultaneous connections. Over a short 2h timespan, nearly 30000 connections have been set up (ref attached stunnel.log).
The memory use increases over time, often in very large steps. As connections finish and the transfers stop (i.e. no active connections at all), the memory is not released.
A similar issue was reported in 2008 [1].
Attached are the following files: stunnel.conf: Four services, no special config. Debug level 5. massif.out.excerpt.txt: Valgrind Massif output.
The Massif log indicates that most of the memory is allocated through client.c:init_ssl(), by libssl and zlib. I haven't looked too much at the code yet, but could this be related to the high rate of connection resets/timeouts, combined with connection/session reuse?
sven
[1]: possible stunnel memory leak Message-ID: 47E8E0AD.8010709@eu.citrix.com http://www.stunnel.org/pipermail/stunnel-users/2008-March/001903.html