On Mon, Aug 17, 2015 at 9:27 PM, Niels Peen <niels at peen.ch> wrote: > Hi Nikos, > I run two configurations on each server, one using radius authentication and one using client-certificate authentication. The configuration is identical otherwise. > When I reload through occtl the certificate version significantly increases in size (both VIRT and RES) while the radius version maintains a stable size no matter how many times I reload. Hi, I could not figure how to reproduce that. My main process remained unchanged after reloads using the sample config and certificate auth. Could you send me some steps to be able to reproduce the issue? If there is some issue it should not be apparent as all the certificate handling is done on the worker process (where leaks don't really matter) or the sec-mod process. Fortunately sec-mod seems to remain unchanged after your reload. > root at X:~# ps auxw|grep ocserv > root 5717 0.0 25.9 334520 198064 ? Ss Aug14 0:02 /usr/local/sbin/ocserv --foreground -c /etc/ocserv/ocserv-cert-X.conf > root 5718 0.0 0.5 85948 4156 ? S Aug14 0:00 /usr/local/sbin/ocserv --foreground -c /etc/ocserv/ocserv-cert-X.conf > root at X:~# occtl -s /var/run/occtl-cert-X.socket reload > Server scheduled to reload > root at X:~# ps auxw|grep ocserv > root 5717 0.0 29.6 362028 225756 ? Ss Aug14 0:02 /usr/local/sbin/ocserv --foreground -c /etc/ocserv/ocserv-cert-X.conf > root 5718 0.0 0.5 85948 4400 ? S Aug14 0:00 /usr/local/sbin/ocserv --foreground -c /etc/ocserv/ocserv-cert-X.conf > root at X:~# > I didn?t notice this before as I had a habit to restart ocserv rather than reload it. It was happening with 10.5 when I noticed it a few days ago. Updating to 10.7 did not fix it. btw. did you have any issues with the "enable-auth certificate" option? Its purpose was to eliminate the need for two servers. regards, Nikos