Pavel Hlavnicka wrote:
Hi all,
I'm not 100% sure, this is the best place to announce my discovery, but it will find the right person here, I hope.
I met the significant memory leak in the Crypt::SSLeay, as I was using LWP HTTPS connection with the client certificate in PKCS12 format.
I will look at integrating this patch for the next release & will followup with any question/testing/etc.
BTW. what about HTTPS connection timeouts? :) There are many questions about this and no good answers. From my point of view, this is a pretty though issue, preventing many users to design robust applications (mainly for automated machin-e to machine communications).
Crypt::SSLeay should honor timeouts set. What it actually does is use alarm() to alarm in $socket->timeout / 2... the reason is that Net::SSL on the backend will actually try up to 3 different SSL version connection (v23, v3, v2), so it leaves room for 2 such connection attempts in the time in a kind of averaging. Do you find that Crypt::SSLeay does not timeout well enough for your application development needs? If you are using LWP::UserAgent, does $ua->timeout(15) not work well? Regards, Josh ________________________________________________________________ Josh Chamas, Founder phone:925-552-0128 Chamas Enterprises Inc. http://www.chamas.com NodeWorks Link Checking http://www.nodeworks.com
