[stunnel-users] Possible leak in client.c:init_ssl()

Sven Ulland sveniu at opera.com
Mon Apr 11 16:53:05 CEST 2011

Quick summary: Stunnel 4.35 configured with four services. As clients
connect, the main stunnel process grows a lot in vsz/rss memory. With
a lot of clients connecting, it quickly grows to several gigabytes

The use case is quite special: The multithreaded download accelerator
'axel' is used to download large files using 800 simultaneous threads.
The downloads are from China, so the network performance is horrible,
and connections are reset/broken all the time, so there is lots of new
connections created constantly. Up to four axel instances run at the
same time, so we're talking 3200 simultaneous connections. Over
a short 2h timespan, nearly 30000 connections have been set up (ref
attached stunnel.log).

The memory use increases over time, often in very large steps. As
connections finish and the transfers stop (i.e. no active connections
at all), the memory is not released.

A similar issue was reported in 2008 [1].

Attached are the following files:
stunnel.conf: Four services, no special config. Debug level 5.
massif.out.excerpt.txt: Valgrind Massif output.

The Massif log indicates that most of the memory is allocated through
client.c:init_ssl(), by libssl and zlib. I haven't looked too much at
the code yet, but could this be related to the high rate of connection
resets/timeouts, combined with connection/session reuse?


[1]: possible stunnel memory leak
Message-ID: <47E8E0AD.8010709 at eu.citrix.com>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: stunnel.conf
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110411/047e9e8a/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: massif.out.excerpt.txt
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110411/047e9e8a/attachment.txt>

More information about the stunnel-users mailing list