Fix #1843 Reading https://$host:8006/nodes repeadedly leads to pveproxy keeping a filedescriptor open for each node-certificate in the cluster and each request, thus eventually reaching its NOFile limit.
In accordance with the SSLeay docs: https://metacpan.org/pod/Net::SSLeay Signed-off-by: Stoiko Ivanov <s.iva...@proxmox.com> --- Would it make sense to unify the certificate reading here with the methods we have in pve-common/src/PVE/Certificate.pm? It took me longer to find the bug, since I was focussed on the missing BIO_free in a method there. data/PVE/Cluster.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm index 7569abc..6dc41ce 100644 --- a/data/PVE/Cluster.pm +++ b/data/PVE/Cluster.pm @@ -1537,6 +1537,7 @@ sub read_ssl_cert_fingerprint { Net::SSLeay::BIO_free($bio); die "unable to read certificate from '$cert_path'\n"; } + Net::SSLeay::BIO_free($bio); my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256'); Net::SSLeay::X509_free($cert); -- 2.11.0 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
