After conducting several tests is appears there is a major memory leak in mod_ssl/OpenSSL when using either the worker (Linux) or mpm_winnt (Windows) MPM modules.
I have been tracking this down for a couple of weeks and thought it was in the code my company is developing and it appears that is not the case. In order to eliminate our code from the mix and isolate the problem here is what I did:
This was done on Windows and Linux:
1. Download the latest Apache from www.apache.org.
2. Download the latest OpenSSL from www.openssl.org.
3. Build them both, with apache add the mod_ssl option and also for Linux use the MPM worker module.
4. Install and modify the ssl.conf file ServerName value.
5. Run Apache (httpd)
6a. Run the Performance monitor on Windows and look at Private Bytes for the second Apache process.
6b. On Linux run top -p pid(httpd1) -p pid(http2) ….. -p pid(httpN) watching the size of the processes
7. Set you browser to not cache requests and check for a new page every time.
8. Start fetching a page from https://localhost and keep refreshing the page.
So far 3 other engineers have reproduced this test because they did not believe the problem could be in Apache mod_ssl/OpenSSL, they all verified that it leaks like a sieve.
We where all trying to figure out why no one else has complained about such a huge leak so we ran another test. We tried using the prefork MPM and it turns out that worked fine. Based on the results it appears the OS is cleaning up memory for the prefork module and the threaded model never gets its memory freed. I have used a debugger on Windows and set break points on the CRYPTO_malloc and CRYPTO_free functions and have seen gobs of memory CRYPTO_malloc(ed) and not one time have I seen CRYPTO_fee called. I was not sure if having the OS cleanup memory was part of the design (if indeed that is what is happening) or if there is potentially a problem in the OpenSSL memory management code.
With all this said, I am by no means an expert on this code and could really use some help understanding what is going on here?
Thanks,
Ken
