Yes... sorry, forgot to include this part of my shutdown sequence. One thing I 
am noticing is that I do not call X509_free on my certs. I even have a comment 
in my code saying that I am not freeing them because I think they will be freed 
when the SSL_CTX is freed. Is that a correct assumption or should I be calling 
X509_free on them explicitly?

Here's the extra code that I forgot to include:

STATUS
SSL_shutDown()
{
    // Client
    if (clientCtxt != NULL)
    {
        SSL_CTX_free (clientCtxt);
        clientCtxt = NULL;
    }

    // View
    clearCertsVector (getCertCachePointer (SSL_TYPE_VIEW));

    if (pViewKeyCache != NULL)
    {
        EVP_PKEY_free (pViewKeyCache);
        pViewKeyCache = NULL;
    }

    if (viewServerCtxt != NULL)
    {
        SSL_CTX_free (viewServerCtxt);
        viewServerCtxt = NULL;
    }

    // Web - only if server supports HTTPS
    if (supportHTTPS)
    {
        clearCertsVector (getCertCachePointer (SSL_TYPE_WEB));

        if (pPendingWebKeyCache != NULL)
        {
            EVP_PKEY_free (pPendingWebKeyCache);
            pPendingWebKeyCache = NULL;
        }
    
        if (pWebKeyCache != NULL)
        {
            EVP_PKEY_free (pWebKeyCache);
            pWebKeyCache = NULL;
        }

        if (webServerCtxt != NULL)
        {
            SSL_CTX_free (webServerCtxt);
            webServerCtxt = NULL;
        }
    }

    CHECK_911 (BIO_free (out) > 0);

    openSslShutdown ();

    return SUCCESS;
}

static void
clearCertsVector(CERTS_VECTOR* certs)
{
    //Not freeing certs because they will be
    // freed when context is destroyed
    if(certs != NULL)
    {
        certs->clear();
    }
}

Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565

________________________________________
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Dr. Stephen Henson [st...@openssl.org]
Sent: Friday, November 21, 2014 12:26 PM
To: openssl-users@openssl.org
Subject: Re: Small memory leak on multithreaded server

On Fri, Nov 21, 2014, Barbe, Charles wrote:

> Thanks for the response... here is the code that runs when my connection 
> closes:
>
> void OpensslConnection::cleanup()
> {
>     if(ssl != NULL)
>     {
>         if(isConnected)
>         {
>             while(SSL_shutdown(ssl) == 0)
>                 ;
>         }
>         SSL_free(ssl);
>         ERR_remove_state(0);
>         ssl = NULL;
>     }
>
>     isConnected = false;
> }
>
> And here is the code that runs to shut down my SSL library:
>
> static void
> openSslShutdown ()
> {
>     CONF_modules_free();
>     ERR_remove_state(0);
>     CONF_modules_unload(1);
>     ERR_free_strings();
>     EVP_cleanup();
>     CRYPTO_cleanup_all_ex_data();
>
>     if (opensslLocks != NULL)
>     {
>         for(int i = 0; i < CRYPTO_num_locks(); i++)
>         {
>             PAL_mutexDestroy (opensslLocks[i]);
>         }
>
>         IST_FREE (opensslLocks);
>     }
> }
>
> Also, I have numerous worker threads handling connections and they all do the 
> following before they exit:
>
>   ERR_remove_thread_state(0);
>

You are calling SSL_CTX_free aren't you?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
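
Added example, not code from this thread or from OpenSSL: a small C model of the reference-counted ownership question raised above (does freeing the context also release the application's cached certificate pointer?). In OpenSSL, SSL_CTX_use_certificate() takes its own reference to the X509 while SSL_CTX_add_extra_chain_cert() takes over the caller's; cert_t, ctx_t, ctx_add1, ctx_add0 and leaked_after_shutdown are hypothetical names used only for this model.

```c
#include <stdlib.h>

/* Constructed model of a reference-counted certificate; not OpenSSL's X509. */
typedef struct { int refs; } cert_t;
static int live_certs = 0;               /* objects allocated and not yet destroyed */

static cert_t *cert_new(void) {
    cert_t *c = malloc(sizeof *c);
    if (c == NULL) return NULL;
    c->refs = 1;                         /* the creator holds the first reference */
    live_certs++;
    return c;
}
static void cert_free(cert_t *c) {       /* drop one reference, destroy at zero */
    if (c != NULL && --c->refs == 0) { free(c); live_certs--; }
}

/* Model of a context that stores up to 8 certificates. */
typedef struct { cert_t *held[8]; int n; } ctx_t;

/* "add1" convention: the context takes its OWN reference, the caller keeps theirs. */
static int ctx_add1(ctx_t *x, cert_t *c) {
    if (x->n == 8) return 0;
    c->refs++;
    x->held[x->n++] = c;
    return 1;
}
/* "add0" convention: the context takes over the caller's reference. */
static int ctx_add0(ctx_t *x, cert_t *c) {
    if (x->n == 8) return 0;
    x->held[x->n++] = c;
    return 1;
}
static void ctx_free(ctx_t *x) {         /* releases only the context's references */
    while (x->n > 0) cert_free(x->held[--x->n]);
}

/* Certificates still allocated after shutdown; -1 if the combination is not run.
 * free_cache models whether the application's cert cache frees its pointer. */
int leaked_after_shutdown(int take_ownership, int free_cache) {
    if (take_ownership && free_cache) return -1;  /* would be a double free */
    ctx_t ctx = { {0}, 0 };
    int before = live_certs;
    cert_t *cached = cert_new();         /* pointer kept in the application's cache */
    if (cached == NULL) return -1;
    if (take_ownership) (void)ctx_add0(&ctx, cached); else (void)ctx_add1(&ctx, cached);
    if (free_cache) cert_free(cached);   /* cache releases its reference first */
    ctx_free(&ctx);                      /* then the context is destroyed */
    return live_certs - before;
}
```

Whether clearing the cache without freeing is safe depends on which convention the call that handed each certificate to the context follows: under "add1" the cache's reference outlives the context, under "add0" an extra free would be a double free.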