Yes... sorry, forgot to include this part of my shutdown sequence. One thing I am noticing is that I do not call X509_free on my certs. I even have a comment in my code saying that I am not freeing them because I think they will be freed when the SSL_CTX is freed. Is that a correct assumption or should I be calling X509 free on them explicitly?
Here's the extra code that I forgot to include:

    STATUS SSL_shutDown()
    {
        // Client
        if (clientCtxt != NULL)
        {
            SSL_CTX_free (clientCtxt);
            clientCtxt = NULL;
        }

        // View
        clearCertsVector (getCertCachePointer (SSL_TYPE_VIEW));
        if (pViewKeyCache != NULL)
        {
            EVP_PKEY_free (pViewKeyCache);
            pViewKeyCache = NULL;
        }
        if (viewServerCtxt != NULL)
        {
            SSL_CTX_free (viewServerCtxt);
            viewServerCtxt = NULL;
        }

        // Web - only if server supports HTTPS
        if (supportHTTPS)
        {
            clearCertsVector (getCertCachePointer (SSL_TYPE_WEB));
            if (pPendingWebKeyCache != NULL)
            {
                EVP_PKEY_free (pPendingWebKeyCache);
                pPendingWebKeyCache = NULL;
            }
            if (pWebKeyCache != NULL)
            {
                EVP_PKEY_free (pWebKeyCache);
                pWebKeyCache = NULL;
            }
            if (webServerCtxt != NULL)
            {
                SSL_CTX_free (webServerCtxt);
                webServerCtxt = NULL;
            }
        }

        CHECK_911 (BIO_free (out) > 0);
        openSslShutdown ();
        return SUCCESS;
    }

    static void clearCertsVector(CERTS_VECTOR* certs)
    {
        //Not freeing certs because they will be
        // freed when context is destroyed
        if(certs != NULL)
        {
            certs->clear();
        }
    }

Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565

________________________________________
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Dr. Stephen Henson [st...@openssl.org]
Sent: Friday, November 21, 2014 12:26 PM
To: openssl-users@openssl.org
Subject: Re: Small memory leak on multithreaded server

On Fri, Nov 21, 2014, Barbe, Charles wrote:

> Thanks for the response... here is the code that runs when my connection
> closes:
>
> void OpensslConnection::cleanup()
> {
>     if(ssl != NULL)
>     {
>         if(isConnected)
>         {
>             while(SSL_shutdown(ssl) == 0)
>                 ;
>         }
>         SSL_free(ssl);
>         ERR_remove_state(0);
>         ssl = NULL;
>     }
>
>     isConnected = false;
> }
>
> And here is the code that runs to shut down my SSL library:
>
> static void
> openSslShutdown ()
> {
>     CONF_modules_free();
>     ERR_remove_state(0);
>     CONF_modules_unload(1);
>     ERR_free_strings();
>     EVP_cleanup();
>     CRYPTO_cleanup_all_ex_data();
>
>     if (opensslLocks != NULL)
>     {
>         for(int i = 0; i < CRYPTO_num_locks(); i++)
>         {
>             PAL_mutexDestroy (opensslLocks[i]);
>         }
>
>         IST_FREE (opensslLocks);
>     }
> }
>
> Also, I have numerous worker threads handling connections and they all do the
> following before they exit:
>
> ERR_remove_thread_state(0);
>

You are calling SSL_CTX_free aren't you?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
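
Added example, not part of the original message and not OpenSSL or Allworx code: a small reference-count model of the ownership question asked above, showing when clearing the certs vector without an explicit free leaves a certificate allocated after the context is freed. The names cert_t, ctx_t and leaked_after_shutdown are hypothetical; the message does not show which call attached the cached certs to the context, so both cases are modelled: SSL_CTX_use_certificate takes its own reference, while SSL_CTX_add_extra_chain_cert takes over the caller's.

```c
/* Reference-count model only: cert_t/ctx_t are hypothetical stand-ins, no libssl calls. */
#include <stdio.h>
#include <stdlib.h>

static int live_certs = 0;                 /* allocated and not yet released */
typedef struct { int refs; } cert_t;       /* stands in for X509 */
typedef struct { cert_t *leaf, *chain; } ctx_t;   /* stands in for SSL_CTX */

static cert_t *cert_new(void) {
    cert_t *c = malloc(sizeof *c);
    if (c == NULL) abort();
    c->refs = 1;                           /* the creator holds the first reference */
    live_certs++;
    return c;
}
static void cert_free(cert_t *c) {         /* like X509_free: drop one reference */
    if (c != NULL && --c->refs == 0) { free(c); live_certs--; }
}
/* Like SSL_CTX_use_certificate: the context takes its own, additional reference. */
static void ctx_use_cert(ctx_t *ctx, cert_t *c) {
    c->refs++;
    cert_free(ctx->leaf);
    ctx->leaf = c;
}
/* Like SSL_CTX_add_extra_chain_cert: the context takes over the caller's reference. */
static void ctx_add_chain_cert(ctx_t *ctx, cert_t *c) {
    cert_free(ctx->chain);
    ctx->chain = c;
}
/* Like SSL_CTX_free: release every reference the context holds. */
static void ctx_free(ctx_t *ctx) { cert_free(ctx->leaf); cert_free(ctx->chain); }

/* Attach one cached cert, optionally free the cache's reference, free the context.
   Returns certs still allocated afterwards, or -1 for the double-free combination. */
static int leaked_after_shutdown(int ctx_takes_ownership, int cache_frees) {
    if (ctx_takes_ownership && cache_frees) return -1;   /* would free twice */
    ctx_t ctx = { NULL, NULL };
    cert_t *cached = cert_new();           /* the pointer kept in the certs vector */
    if (ctx_takes_ownership) ctx_add_chain_cert(&ctx, cached);
    else ctx_use_cert(&ctx, cached);
    if (cache_frees) cert_free(cached);    /* explicit free before clearing the vector */
    ctx_free(&ctx);
    int leaked = live_certs;
    if (leaked) cert_free(cached);         /* tidy up so the demo itself stays clean */
    return leaked;
}

int main(void) {
    printf("shared ref, vector cleared only: %d leaked\n", leaked_after_shutdown(0, 0));
    printf("shared ref, explicit free:       %d leaked\n", leaked_after_shutdown(0, 1));
    printf("ownership handed to context:     %d leaked\n", leaked_after_shutdown(1, 0));
}
```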