SSL_CTX_load_verify_locations was SSL_shutdown never returns 1

[Andy Murphy]

Well I've found out what is taking the memory and it's this: 
SSL_CTX_load_verify_locations.  I'm calling it for each SSL_CTX, which is being 
done on each "ping" and the memory usage is just going up and up and up.  Is 
there a method to call that will clear down this memory after I've done with a 
ping?  I can't see anything in the documentation.

Thanks
Andy

> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Andy Murphy
> Sent: 19 May 2009 10:15
> To: openssl-users@openssl.org
> Subject: RE: SSL_shutdown never returns 1
> 
> Hi Kyle, thanks for the response (although I missed it at first).
> 
> I do get a SSL_ERROR_SYSCALL although a subsequent call to
> ERR_error_string gives me nothing.  I'm now not sure that I'm on the
> correct track though as I'll explain.
> 
> * We use OpenSSL to secure a "ping" from a mobile device to a server so
> that we can then receive data later.
> 
> * We are seeing what we thought was a memory leak with each ping,
> although checking with Entrek CodeSnitch shows that we are getting a
> leak of 2.6MB whether we send a ping, once, ten or a hundred times.  I
> believe that this is linked to the SSL_library_init method (which we
> only call once per application) and the fact that we don't call
> EVP_cleanup.
> 
> * Both the SSL_CTX and SSL objects are cleared after each use using
> SSL_CTX_free and SSL_free and both of their reference counts are set to
> 0 after the freeing.
> 
> * We get a steady 200k "leak" for each call.  I read somewhere that
> OpenSSL keeps an internal cache and am wondering if this could be the
> cause.
> 
> A bit more history is that as always the original developer has long
> flown the nest so I'm learning the library here.
> 
> Thanks for any help you can give.
> 
> Andy
> 
> 
> > -----Original Message-----
> > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> > us...@openssl.org] On Behalf Of Kyle Hamilton
> > Sent: 14 May 2009 18:10
> > To: openssl-users@openssl.org
> > Subject: Re: SSL_shutdown never returns 1
> >
> > If you expect no more data from the client, you can simply destroy
> the
> > SSL context at the point you first call it (even if it returns 0).
> It
> > will only return 1 if it has received the peer's close_notify, and
> > it's possible that those peers failed to send it.  (Do you get an
> > SSL_ERROR_SYSCALL with EINVAL or EPIPE?)
> >
> > -Kyle H
> >
> > On Thu, May 14, 2009 at 7:31 AM, Andy Murphy <an...@tbsmobility.com>
> > wrote:
> > > Hi, we are trying to track down a memory leak that occurs when we
> run
> > secure
> > > comms using the OpenSSL library.  Now we’ve had this before where
> we
> > thought
> > > it was the library but I tracked it down to us not using the word
> > virtual on
> > > our base class’ destructor, so I’m not about to start blaming
> OpenSSL
> > again
> > > J.
> > >
> > >
> > >
> > > I have however seen from some other threads that if SSL_shutdown
> does
> > not
> > > return 1 then there could be a leak.  Our logs show that two
> attempts
> > to
> > > call SSL_shutdown do not result in 1 coming back and I’ve just
> tried
> > it in a
> > > never-ending while loop and well, it never ended, suggesting that
> we
> > are
> > > doing something wrong.
> > >
> > >
> > >
> > > Do we know what SSL_shutdown depends on in order to be able to
> > shutdown
> > > correctly and thus free the memory used for the connection?
> > >
> > >
> > >
> > > Cheers
> > >
> > >
> > >
> > > Andrew Murphy
> > >
> > > Senior Software Developer
> > >
> > > Ironstone House, Kedleston Close, Belper,
> > >
> > > Derbyshire, England DE56 1TZ
> > >
> > > Office Reception: +44 1773 596900
> > > Fax: +44 1773 596901
> > >
> > > Skype: andyleemurphy
> > > Web: www.tbsmobility.com
> > > Email: andrew.mur...@tbsmobility.com
> > >
> > >
> >
> ______________________________________________________________________
> > OpenSSL Project
> http://www.openssl.org
> > User Support Mailing List                    openssl-
> us...@openssl.org
> > Automated List Manager
> majord...@openssl.org
> :Irå1zyz
:��I"Ϯ��r�m����
(����Z+�K�+����1���x��h����[�z�(����Z+���f�y�������f���h��)z{,���