High heap allocation by the /cacerts-operation on the server #56

McRoot12 · 2017-08-18T18:12:40Z

I was able to reach more than 100 MiB ram usage on the server by issuing /cacerts requests.
This only happens when using TLS mutual authentication.
When i use http authentication it stops increasing heap after reaching 28.8 MiB.

The analysis with valgrind memcheck does not find any memory leaks.

Instructions for reproduction:

server:

#create CA for the server
cd example/server/
./createCA.sh

#launch server
./runserver.sh

client:

cd example/client/
export EST_OPENSSL_CACERT=../server/estCA/cacert.crt

#create client certificate
openssl ecparam -name prime256v1 -genkey -out privkey.pem
./estclient -e -s 127.0.0.1 -p 8085 -u estuser -h estpwd -x privkey.pem -o ./
cat cert-0-0.pkcs7 | base64 -d | openssl pkcs7 -inform DER -print_certs > cert.pem

#execute the client
for i in {1..50000};
do ./estclient -g -s 127.0.0.1 -p 8085 -c cert.pem -k privkey.pem -o ./;
echo "$i"; 
done

look at the increasing memory of the process lt-estserver.
You can speed up the process by running multiple clients (i used three clients).

McRoot12 linked a pull request Aug 24, 2017 that will close this issue

remove SSL_OP_NO_TICKET #57

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

High heap allocation by the /cacerts-operation on the server #56

High heap allocation by the /cacerts-operation on the server #56

McRoot12 commented Aug 18, 2017

High heap allocation by the /cacerts-operation on the server #56

High heap allocation by the /cacerts-operation on the server #56

Comments

McRoot12 commented Aug 18, 2017

Instructions for reproduction: