[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS client certificates and memory use



--On Tuesday, November 25, 2008 7:24 PM -0500 David Hawes <dhawes@vt.edu> wrote:

I was doing some testing and noticed that when I search for entries
using TLS, significantly more memory is used when using client
certificates than without them.  In fact, memory will eventually be
exhausted if the searches are performed indefinitely.  Without using
them, memory use stays (around) the same value.

I stripped down the config, removed all ACLs except one (to disallow
access), and started with an empty database, and get the same results.

I've noticed this in 2.4.11, 2.4.12, and 2.4.13 with OpenSSL 0.9.8i.  I
do not notice it with an old 2.3.39 instance.

Has anyone noticed anything similar, or can anyone reproduce this?

Have you run OpenLDAP in this situation under valgrind to see where the leak is occurring?


--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration