[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS client certificates and memory use

To: David Hawes <dhawes@vt.edu>, openldap-software@openldap.org
Subject: Re: TLS client certificates and memory use
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Tue, 25 Nov 2008 17:18:16 -0800
Content-disposition: inline
In-reply-to: <492C9754.2060700@vt.edu>
References: <492C9754.2060700@vt.edu>

--On Tuesday, November 25, 2008 7:24 PM -0500 David Hawes <dhawes@vt.edu> wrote:

I was doing some testing and noticed that when I search for entries
using TLS, significantly more memory is used when using client
certificates than without them.  In fact, memory will eventually be
exhausted if the searches are performed indefinitely.  Without using
them, memory use stays (around) the same value.

I stripped down the config, removed all ACLs except one (to disallow
access), and started with an empty database, and get the same results.

I've noticed this in 2.4.11, 2.4.12, and 2.4.13 with OpenSSL 0.9.8i.  I
do not notice it with an old 2.3.39 instance.

Has anyone noticed anything similar, or can anyone reproduce this?

Have you run OpenLDAP in this situation under valgrind to see where the leak is occurring?

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: TLS client certificates and memory use
  - From: David Hawes <dhawes@vt.edu>

References:
- TLS client certificates and memory use
  - From: David Hawes <dhawes@vt.edu>

Prev by Date: Re: Can't get olcPasswordHash to take effect...
Next by Date: Re: TLS client certificates and memory use
Index(es):
- Chronological
- Thread