[stunnel-users] Possible leak in client.c:init_ssl()
Michal.Trojnara at mirt.net
Mon Apr 11 17:13:07 CEST 2011
Sven Ulland wrote:
> Quick summary: Stunnel 4.35 configured with four services. As clients
> connect, the main stunnel process grows a lot in vsz/rss memory. With
> a lot of clients connecting, it quickly grows to several gigabytes
Thank you very much for the report. Stunnel does not call zlib directly,
so OpenSSL should call the appropriate cleanup functions of zlib.
> The Massif log indicates that most of the memory is allocated through
> client.c:init_ssl(), by libssl and zlib. I haven't looked too much at
> the code yet, but could this be related to the high rate of connection
> resets/timeouts, combined with connection/session reuse?
I guess you're right. A trivial workaround would be to build OpenSSL
without zlib. 8-)
BTW: What is your version of OpenSSL?
More information about the stunnel-users