cURL / Mailing Lists / curl-library / Single Mail


Re: SSL certificates and increasing memory usage

From: Kamil Dudka <>
Date: Tue, 20 Aug 2013 10:34:46 +0200

On Tuesday 20 August 2013 00:49:37 Jerry Blakley wrote:
> Our fusedav filesystem client uses cURL and nss. We create a thread, open a
> session handle (curl_easy_init), keep it open for many connections
> (curl_easy_perform), and close it when the thread ends (curl_easy_cleanup).
> Each call to curl_easy_perform eventually makes the following calls
> (in nss.c)
> Curl_nss_connect
> cert_stuff (because we do not use certificate nicknames)
> nss_load_cert
> nss_create_object
> and so on
> The comment in nss_create_cert indicates:
> /* Call PK11_CreateGenericObject() with the given obj_class and filename.
> If
> * the call succeeds, append the object handle to the list of objects so
> that
> * the object can be destroyed in Curl_nss_close(). */
> Curl_nss_close won't get called until curl_easy_cleanup.
> What seems to be happening is that while the session is open and the
> connection reused, we make the repeated allocations in nss_create_object,
> increasing memory usage, until the session ends and curl_easy_cleanup is
> called.
> Is this the case, and should it be so? Or is there/should there be some
> intermediary cleanup routine, or an ability to reuse the certificate
> information without the reallocation?

How much does the memory usage grow per connection?

If it is a significant amount of memory, you may consider to update to an up2date version. The latest sources are available

In particular, the following patches inhibited the excessive memory usage:

If it grows just a few bytes per connection, it is a known bug that nobody
complained enough about to get it actually fixed. You can find details in
the following upstream bug:

List admin:
Received on 2013-08-20