Re:about ssl_accept and memory leak

Tue, 28 Dec 2010 17:21:07 -0800 

dear all:
    No one encountered this problem?



>From: "" <lizhip...@cnnic.cn>
>Reply-To: openssl-users@openssl.org
>To: openssl-users@openssl.org
>Subject: about ssl_accept and memory leak
>Date:Mon, 27 Dec 2010 13:38:49 +0800
>
>Dear openssl-users£¬
>  
>  
> When using the openssl and found a large number of connections during the
> establishment of the memory has been growing closed, the test found that when
the
> memory is increased to 317548K, the not increased, the initial memory, only a
few
> K, very strange.  
> why? How can I resolve it? 
> thank u!
>  
> code£º
> server.c
> 
> 
> #include <stdio.h>
> #include <stdlib.h>
> #include <errno.h>
> #include <string.h>
> #include <sys/types.h>
> #include <netinet/in.h>
> #include <sys/socket.h>
> #include <sys/wait.h>
> #include <unistd.h>
> #include <arpa/inet.h>
> #include <openssl/ssl.h>
> #include <openssl/err.h>
> #include <string>
> using namespace std;
> 
> 
> 
> 
> std::string a_serverCert = "server_cert/newcert.pem";
> std::string a_serverKey = "server_cert/newkey.pem";
> std::string a_trustCert = "server_cert/cacert.pem";
> std::string a_password = "1234";
> 
> 
> #define MAXBUF 1024
> 
> 
> int main(int argc, char **argv)
> {
>     int sockfd, new_fd;
>     socklen_t len;
>     struct sockaddr_in my_addr, their_addr;
>     unsigned int myport, lisnum;
>     char buf[MAXBUF + 1];
>     SSL_CTX *ctx;
> 
>     myport = 8899;
> 
> 
>     lisnum = 2;
> 
> 
>     SSL_library_init();
>   
>     OpenSSL_add_all_algorithms();
>    
>     SSL_load_error_strings();
>  
>     ctx = SSL_CTX_new(SSLv23_server_method());
>   
>     if (ctx == NULL) {
>         ERR_print_errors_fp(stdout);
>         exit(1);
>     }
>     
>     if (SSL_CTX_use_certificate_file(ctx, a_serverCert.c_str(),
SSL_FILETYPE_PEM)
> <= 0) {
>         ERR_print_errors_fp(stdout);
>         exit(1);
>     }
> 
> 
> //set the key file's password.
> SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*) (a_password.c_str()));
> 
> 
>     
>     if (SSL_CTX_use_PrivateKey_file(ctx, a_serverKey.c_str(), 
> SSL_FILETYPE_PEM)
<=
> 0) {
>         ERR_print_errors_fp(stdout);
>         exit(1);
>     }
>    
>     if (!SSL_CTX_check_private_key(ctx)) {
>         ERR_print_errors_fp(stdout);
>         exit(1);
>     }
> 
> 
> //set vefify client, the server will verify client's certification
> SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
> 
> 
> //load trust certification. it is CA root certification or user's 
> certification
> SSL_CTX_load_verify_locations(ctx, a_trustCert.c_str(), NULL);
> 
> 
>     
>     printf("socket creating......  \t\t");
>     if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) 
>        {
>         perror("socket");
>         exit(1);
>        }
>      else
>        printf("socket created.\n");
> 
> 
>     bzero(&my_addr, sizeof(my_addr));
>     my_addr.sin_family = PF_INET;
>     my_addr.sin_port = htons(myport);
>     my_addr.sin_addr.s_addr = INADDR_ANY;
> 
> 
>     printf("bingding......\t\t\t");
>     if (bind(sockfd, (struct sockaddr *) &my_addr, sizeof(struct sockaddr))
>         == -1) {
>         perror("bind");
>         exit(1);
>     } else
>         printf("binded.\n");
> 
> 
>     if (listen(sockfd, lisnum) == -1) {
>         perror("listen");
>         exit(1);
>     } else
>         printf("begin listen......\n");
> 
> 
>     while (1)
> {
>         SSL *ssl;
>         len = sizeof(struct sockaddr);
>         
>         if ((new_fd =
>              accept(sockfd, (struct sockaddr *) &their_addr,
>                     &len)) == -1) {
>             perror("accept");
>             //exit(errno);
> continue;
>         } else
>             printf("server: got connection from %s, port %d, socket %d\n",
>                    inet_ntoa(their_addr.sin_addr),
>                    ntohs(their_addr.sin_port), new_fd);
> 
> 
>         
>         ssl = SSL_new(ctx);
>         
>         SSL_set_fd(ssl, new_fd);
>        
>         if (SSL_accept(ssl) == -1) {
>             perror("accept");
>             close(new_fd);
>            continue;
>         }
> 
> 
>       
>         bzero(buf, MAXBUF + 1);
>         
>  //       scanf("%[^\n]",buf);
> 
> 
> //         
> //         len = SSL_write(ssl, buf, strlen(buf));
> // 
> //         if (len <= 0) {
> //             printf
> //                 ("send msg:'%s' failed£¡error code:%d£¬error info'%s'\n",
> //                  buf, errno, strerror(errno));
> //             goto finish;
> //         } else
> //             printf("send msg:'%s' ok£¬len:%d\n",
> //                    buf, len);
> 
> 
>         bzero(buf, MAXBUF + 1);
>        
>         len = SSL_read(ssl, buf, MAXBUF);
>         if (len > 0)
>             printf("read msg:'%s'£¬len:%d \n",
>                    buf, len);
>         else
>             printf
>                 ("read failed£¡error code:%d£¬error info: '%s'\n",
>                  errno, strerror(errno));
>         
>       finish:
>       
>         SSL_shutdown(ssl);
>        
>         SSL_free(ssl);
>         
>         close(new_fd);
>     }
> 
> 
>    
>     close(sockfd);
>     SSL_CTX_free(ctx);
>     return 0;
> }
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to