Hi,
I have recently started developing using OpenSSL and i am confused/unclear about below topic.
Request you to help me.
I am running a DTLS Server which handles more than 1000 connections.
The problem i am facing is every time I close connections and also connect again I see there is some RAM memory utilization increases.
I wonder there is a leak in memory from my below approach of calling functions
"Initialize_Sever_Context" ,
"create_connexion" and
"close_connexion".
The exact code is too big to create actual scenario, so i just outlined the steps.
Pls let me know if any extra information is required?
I am using OpenSSL version 1.1.1k on Linux.
//connect_info structure user defined
{
void* sll;
void* bio;
....
}array_of_connections
*connect_info = &array_of_connections;
// global
SSL_CTX* server_ctx;
Initialize_Sever_Context()
{
// server_ctx is global
server_ctx = SSL_CTX_new(DTLS_server_method());
X509_VERIFY_PARAM *local_vpm = X509_VERIFY_PARAM_new()
//setting verify flags, cookie flags and cypher lists etc..
//....
SSL_CTX_set1_param(server_ctx, local_vpm);
X509_VERIFY_PARAM_free(local_vpm);
}
create_connexion(connect_info)
{
// server_ctx is global
ssl = SSL_new(server_ctx);
bio = BIO_new_dgram(handler, BIO_NOCLOSE); //not sure it is ok to use BIO_CLOSE
..
..
SSL_set_bio(ssl, bio, bio);
connect_info->ssl = ssl;
connect_info->bio = bio;
}
//pre connection close
handle_closed_connexions()
{
for(conn = 1; conn<MAX_CONN;conn++)
{
close_connexion(connect_info[conn]);
}
}
// frees the existing closed connections and make SSL ready to handle new connections
close_connexion(connect_info)
{
// store prev ssl objects
SLL *local_ssl = connect_info -> ssl;
// make setup ready for the next connexions
// and start listening
create_connexion(connect_info)
// free the previous closed connections
// frees the server_ctx also from inside
SSL_free(local_ssl);
}
Inside SSL_free we have BIO_free_all(s->rbio), BIO_free_all(s->rbio) and BIO_CTX_free(s->ctx) and finally OPENSSL_free(s)
As far as i understand when we do SSL_free, all the members(pointers) inside SLL object are freed.
So i expect the application to crash.(because "server_ctx" is a global pointer which will be set to "s->ctx" through function SSL_new and also freed by SLL_free and after free i am not setting
server_ctx = NULL also not calling SSL_CTX_new(DTLS_server_method());)
But my application is working fine.
My doubt is , does OpenSSL cache the context detail inside SSL, some where?
or
I Should set server_context to NULL and allocate memory for every new connection which was closed before?
Regards,
Chand
