[stunnel-users] Possible leak in client.c:init_ssl()
Michal Trojnara
Michal.Trojnara at mirt.net
Mon Apr 11 17:13:07 CEST 2011
Sven Ulland wrote:
> Quick summary: Stunnel 4.35 configured with four services. As clients
> connect, the main stunnel process grows a lot in vsz/rss memory. With
> a lot of clients connecting, it quickly grows to several gigabytes
> rss.
Thank you very much for the report. Stunnel does not call zlib directly,
so OpenSSL should call the appropriate cleanup functions of zlib.
> The Massif log indicates that most of the memory is allocated through
> client.c:init_ssl(), by libssl and zlib. I haven't looked too much at
> the code yet, but could this be related to the high rate of connection
> resets/timeouts, combined with connection/session reuse?
I guess you're right. A trivial workaround would be to build OpenSSL
without zlib. 8-)
BTW: What is your version of OpenSSL?
Best regards,
Mike
More information about the stunnel-users
mailing list