Sven Ulland wrote:
Quick summary: Stunnel 4.35 configured with four services. As clients connect, the main stunnel process grows a lot in vsz/rss memory. With a lot of clients connecting, it quickly grows to several gigabytes rss.
Thank you very much for the report. Stunnel does not call zlib directly, so OpenSSL should call the appropriate cleanup functions of zlib.
The Massif log indicates that most of the memory is allocated through client.c:init_ssl(), by libssl and zlib. I haven't looked too much at the code yet, but could this be related to the high rate of connection resets/timeouts, combined with connection/session reuse?
I guess you're right. A trivial workaround would be to build OpenSSL without zlib. 8-)
BTW: What is your version of OpenSSL?
Best regards, Mike