Hi, I tried with minimal client code to check if there is a similar leak. There wasn't. In my application code , I had the following:
ssl = SSL_new (ctx); SSL_set_session(ssl, sess); SSL_connect (ssl); sess = SSL_get1_session(ssl); SSL_CTX_add_session(ctx,sess); // to determine if the session was reused. and later I was freeing SSL_free(ssl); This resulted in meamory leak as reported by Valgrind. Later I used SSL_get_session(ssl) instead of SSL_get1_session(ssl). And did not have SSL_CTX_add_session(ctx,sess). There was no issues this time. Seems like the increment of reference count in SSL_CTX_add_session(ctx,sess) leads to leak even though SSL_free is called. I was using the API SSL_CTX_add_session(ctx,sess) to deterine if the session was being reused. With this as well there is considerable loss of memory. Is there other API in OpenSSL which lets us know if a session was reused? Thanks&Regards, Prabhu. S On 8/16/07, Prabhu S <[EMAIL PROTECTED]> wrote: > > Hi, > > I obtain the following error leak summary with Valgrind for a single SSL > connect with the server > > ==20626== 3,689 (200 direct, 3,489 indirect) bytes in 1 blocks are > definitely lost in loss record 134 of 147 > ==20626== at 0x40046C1: malloc (vg_replace_malloc.c:149) > ==20626== by 0x4565E6A: default_malloc_ex (mem.c:79) > ==20626== by 0x45663EC: CRYPTO_malloc (mem.c:304) > ==20626== by 0x43A3691: SSL_SESSION_new (ssl_sess.c:110) > ==20626== by 0x43A3807: ssl_get_new_session (ssl_sess.c:177) > ==20626== by 0x438948C: ssl3_client_hello (s3_clnt.c:538) > ==20626== by 0x4388D35: ssl3_connect (s3_clnt.c:243) > ==20626== by 0x439F6AB: SSL_connect (ssl_lib.c:850) > > Is this a memory leak. If I run the client application under stress, I run > into issues with available swap size reducing to zero( free -m command) > ..I have resolved significant application memory leak. Still I run into > problem in stress test. > > Any suggestions? > > Regards, > Prabhu. S > > >
