I'm using OpenSSL 1.1.0f in a client application. My implementation is using up memory like crazy, so I must not be doing something right.
I read that 1.1.0 no longer needs explicit library initialization, so I've taken out the one-time calls (like SSL_library_init() and SSL_load_error_strings()).

I create an SSL_CTX object and an SSL object for each communication I have to do. The connections may use different certificate/key files, so I create and destroy these objects for each connection (I'm using non-blocking sockets on a Windows platform).

Having tried numerous variations, I'm currently using this code to create the objects:

    const SSL_METHOD* meth = SSLv23_method();

    ssl_ctx = SSL_CTX_new(meth);
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, nullptr);
    SSL_CTX_set_quiet_shutdown(ssl_ctx, 1);   // non-standard.
    SSL_CTX_sess_set_cache_size(ssl_ctx, 1);  // no longer needed after adding next line (?)
    SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);

    // setup certificate file, private key file, password, etc.
    SetupContext(info);

    ssl = SSL_new(ssl_ctx);
    bio[BIO_SEND] = BIO_new(BIO_s_mem());
    bio[BIO_RECV] = BIO_new(BIO_s_mem());
    SSL_set_bio(ssl, bio[BIO_RECV], bio[BIO_SEND]);

and the clean up at the end of the communication is done this way:

    if ( nullptr != ssl )
    {
        SSL_shutdown(ssl);
        SSL_CTX_free(ssl_ctx);
        SSL_free(ssl);  // frees the two bio buffers associated with it.
        ssl = nullptr;
    }

What am I missing?

Thanks.

--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-Dev-f29372.html
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev