On Wed, Jan 20, 2021 at 11:33:21AM +0530, Harish Kulkarni wrote:

> I am working on memory analysis of OpenSSL. One of the observations is the
> memory allocated by d2i_X509() API (returned in x) is not being freed after
> the connection is closed.. and this memory is stored as part of session.. I
> want to limit number of sessions which we cache for re-use.. or if possible
> completely avoid session caching.

You still have not explicitly stated whether the issue is server-side or
client-side. Reading between the lines, it seems to be client-side.

The server certificate is an expected part of the session object. When you
free the session object, the certificate object is also freed.

In OpenSSL, X.509 certificate objects are reference-counted; you also need to
be careful with functions that inspect the server certificate and increment
its reference count as a side-effect. If you use these, you need to call
X509_free() when the returned certificate is no longer needed.

There is no automatic client-side session reuse in OpenSSL, so you don't need
to do anything to avoid resuming sessions. Internal caching of client-side
sessions is off by default. See the manual page of
SSL_CTX_set_session_cache_mode(3).

-- 
    Viktor.