That'd do it. But if you're doing the loop in that sequence, and if you have set non-blocking on the sockets, then instead of polling for the connection you can use select or poll (depending on your platform) to wait for incoming connection activity, then enter ssl_accept in blocking mode which would probably cut down on those fake errors. Wouldn't this be a better sequence?
If you are worried about inserting another call in the sequence... Being in blocking mode at this stage shouldn't adversely affect performance as the connection thread would only be in a polling loop during this period anyway in this code example. Being in a time-limited wait during select only aids performance as it allows the client serving threads access to the time-slice for the process which would otherwise be tied up in the polling loop. The new select() call could adversely impact performance if you have to service a continual stream of new client connections that prevent the select() from blocking at all, but that is unlikely in the real world. Regards, Simon - -- Simon Edwards -----Original Message----- From: Cesc [mailto:[EMAIL PROTECTED] Sent: 19 July 2005 09:58 To: openssl-users@openssl.org Subject: Re: Investigating a leak On 7/19/05, Rich Salz <[EMAIL PROTECTED]> wrote: > > Doing this now, but since my app is a server, it never really reaches > > the end, and the leaks build up during its lifetime, which I'd rather > > hoped could be more than a day or so. As it is now, the process' > > virtual memory size quickly reaches 3.5 GB, and then malloc() starts > > failing. > > Something wrong is happening. Lots of folks are running apache/openssl > servers for days, weeks, etc., at a time. > > If you're seeing memory leaks like you describe, then it is far more > likely that the like is either in your code, or there's a bug in the way > you're calling OpenSSL. Do you get the same growth when openssl isn't > used? Make sure you "xxx_free" every object you "xxx_new". > > /r$ > Hi, I was looking at the code ... could it be that the memory leak is in the main server loop? Sometimes, the ssl_accept may return 0, but with an error code like SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, which just means that could not complete the handshake, but not really an error (just call ssl_accept again ... ). But in you main server thread, you just do a continue, thus looping again ... and creating a brand new ssl structure and socket ... you should loop() { create the tcp socket loop () { ssl_accept from the tcp socket till non-zero } } Take a look at the examples that come with openssl. Regards, Cesc ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] This message has been scanned for viruses by MailController - www.MailController.altohiway.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
