cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL certificates and increasing memory usage

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 20 Aug 2013 10:34:46 +0200

On Tuesday 20 August 2013 00:49:37 Jerry Blakley wrote:
> Our fusedav filesystem client uses cURL and nss. We create a thread, open a
> session handle (curl_easy_init), keep it open for many connections
> (curl_easy_perform), and close it when the thread ends (curl_easy_cleanup).
> Each call to curl_easy_perform eventually makes the following calls
>
> (in nss.c)
> Curl_nss_connect
> cert_stuff (because we do not use certificate nicknames)
> nss_load_cert
> nss_create_object
> and so on
>
> The comment in nss_create_cert indicates:
> /* Call PK11_CreateGenericObject() with the given obj_class and filename.
> If
> * the call succeeds, append the object handle to the list of objects so
> that
> * the object can be destroyed in Curl_nss_close(). */
>
> Curl_nss_close won't get called until curl_easy_cleanup.
>
> What seems to be happening is that while the session is open and the
> connection reused, we make the repeated allocations in nss_create_object,
> increasing memory usage, until the session ends and curl_easy_cleanup is
> called.
>
> Is this the case, and should it be so? Or is there/should there be some
> intermediary cleanup routine, or an ability to reuse the certificate
> information without the reallocation?

How much does the memory usage grow per connection?

If it is a significant amount of memory, you may consider to update
libnnspem.so to an up2date version. The latest sources are available
here:

https://git.fedorahosted.org/cgit/nss-pem.git

In particular, the following patches inhibited the excessive memory usage:

https://git.fedorahosted.org/cgit/nss-pem.git/commit/?id=769549bd
https://git.fedorahosted.org/cgit/nss-pem.git/commit/?id=271ab3cf

If it grows just a few bytes per connection, it is a known bug that nobody
complained enough about to get it actually fixed. You can find details in
the following upstream bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=402712#c58

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-08-20

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: SSL certificates and increasing memory usage"
Previous message: Jonathan Nieder: "[PATCH curl 7/7] url: handle arbitrary-length username and password before '@'"
In reply to: Jerry Blakley: "SSL certificates and increasing memory usage"
Next in thread: Daniel Stenberg: "Re: SSL certificates and increasing memory usage"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]