How to clean up CRL memory used after SSL (OpenSSL) handshake has completed?

I'm using *X509_load_cert_crl_file* (OpenSSL) to load the CRL file into the
CTX and create the SSL for the ssl_accept handshake. Each SSL connection that
has the CRL file (600KB) loaded uses 10 times more memory than an SSL
connection that doesn't load a CRL.

The system has >300 ports serving TLS for 300 different configs, so
there will be 300 different CTXs created, where each CTX will serve
only 1 TLS connection. That has used up most of the system memory.

If the CTX is only used during the handshake, how can I force the CTX to be
cleaned up, or at least clean up the CRL/cert store in the CTX, after the
handshake has completed?

To optimize the server memory, can I use *SSL_CTX_set_cert_store(ssl->ctx,
X509_STORE_new())* to force all X509_store to be cleaned up after the handshake?
Will there be any side effects?

*OCSP is not an option in the server*



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html


