curl-library
Re: SSL certificates and increasing memory usage
Date: Tue, 20 Aug 2013 10:34:46 +0200
On Tuesday 20 August 2013 00:49:37 Jerry Blakley wrote:
> Our fusedav filesystem client uses cURL and nss. We create a thread, open a
> session handle (curl_easy_init), keep it open for many connections
> (curl_easy_perform), and close it when the thread ends (curl_easy_cleanup).
> Each call to curl_easy_perform eventually makes the following calls
>
> (in nss.c)
> Curl_nss_connect
> cert_stuff (because we do not use certificate nicknames)
> nss_load_cert
> nss_create_object
> and so on
>
> The comment in nss_create_cert indicates:
> /* Call PK11_CreateGenericObject() with the given obj_class and filename.
> If
> * the call succeeds, append the object handle to the list of objects so
> that
> * the object can be destroyed in Curl_nss_close(). */
>
> Curl_nss_close won't get called until curl_easy_cleanup.
>
> What seems to be happening is that while the session is open and the
> connection reused, we make the repeated allocations in nss_create_object,
> increasing memory usage, until the session ends and curl_easy_cleanup is
> called.
>
> Is this the case, and should it be so? Or is there/should there be some
> intermediary cleanup routine, or an ability to reuse the certificate
> information without the reallocation?
How much does the memory usage grow per connection?
If it is a significant amount of memory, you may consider to update
libnnspem.so to an up2date version. The latest sources are available
here:
https://git.fedorahosted.org/cgit/nss-pem.git
In particular, the following patches inhibited the excessive memory usage:
https://git.fedorahosted.org/cgit/nss-pem.git/commit/?id=769549bd
https://git.fedorahosted.org/cgit/nss-pem.git/commit/?id=271ab3cf
If it grows just a few bytes per connection, it is a known bug that nobody
complained enough about to get it actually fixed. You can find details in
the following upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=402712#c58
Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-08-20