[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS client certificates and memory use



Quanah Gibson-Mount wrote:
> --On Tuesday, November 25, 2008 7:24 PM -0500 David Hawes
> <dhawes@vt.edu> wrote:
> 
>> I was doing some testing and noticed that when I search for entries
>> using TLS, significantly more memory is used when using client
>> certificates than without them.  In fact, memory will eventually be
>> exhausted if the searches are performed indefinitely.  Without using
>> them, memory use stays (around) the same value.
>>
>> I stripped down the config, removed all ACLs except one (to disallow
>> access), and started with an empty database, and get the same results.
>>
>> I've noticed this in 2.4.11, 2.4.12, and 2.4.13 with OpenSSL 0.9.8i.  I
>> do not notice it with an old 2.3.39 instance.
>>
>> Has anyone noticed anything similar, or can anyone reproduce this?
> 
> Have you run OpenLDAP in this situation under valgrind to see where the
> leak is occurring?

I have not, but I intend to do that next.  I'll be sure to post the results.