I have a huge memory leak when I have the SSL Server authenticate the
client's Certificate.

Can anyone give me some insight?  I don't have much info to give anyone.
The only calls that are different between my Authenticated and
Un-Authenticated versions are these:

                // no Auth
                SSL_CTX_set_verify (pctxSSLContext,
                                    SSL_VERIFY_NONE,
                                    NULL);

                // Auth
                SSL_CTX_set_verify (pctxSSLContext,
                                    SSL_VERIFY_PEER
                                        | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
                                        | SSL_VERIFY_CLIENT_ONCE,
                                    VerificationCallback);

All other calls are identical for the Authenticated and Unauthenticated
modes of operation.

"VerificationCallback" is effectively empty:
        extern "C" int VerificationCallback (int ok, X509_STORE_CTX *x_ctx)
        {
                printf ("VERIFY CERTIFICATE...OpenSSL suggests: %s\n",
                        ok ? "Accept" : "REJECT!");
                return (ok);    // use OpenSSL's recommendation
        }

Is there anything special that I should be doing to free up anything extra
in the Authenticated case?

I am already using the patched ERR_remove_state in "err.c" as suggested in
the Listserver thread with Arora Meenakshi a couple weeks back.

Again, my non-authenticated SSL Server connections and even my Authenticated
SSL Client connections either don't leak or leak very, very slowly.  This
Authenticated mode leak is HUGE, though - on the order of 1MB per 100
connections!!!

Can anyone help me or offer some places to at least start looking??

Thanks,

Bill Rebey
        

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
