[stunnel-users] Possible leak in client.c:init_ssl()

Michal Trojnara Michal.Trojnara at mirt.net
Mon Apr 11 17:13:07 CEST 2011


Sven Ulland wrote:
> Quick summary: Stunnel 4.35 configured with four services. As clients
> connect, the main stunnel process grows a lot in vsz/rss memory. With
> a lot of clients connecting, it quickly grows to several gigabytes
> rss.

Thank you very much for the report.  Stunnel does not call zlib directly,
so OpenSSL should call the appropriate cleanup functions of zlib.

> The Massif log indicates that most of the memory is allocated through
> client.c:init_ssl(), by libssl and zlib. I haven't looked too much at
> the code yet, but could this be related to the high rate of connection
> resets/timeouts, combined with connection/session reuse?

I guess you're right.  A trivial workaround would be to build OpenSSL
without zlib.  8-)

BTW: What is your version of OpenSSL?

Best regards,
    Mike



More information about the stunnel-users mailing list