On 24/02/2016 11:17 p.m., Steve Hill wrote: > On 23/02/16 21:28, Amos Jeffries wrote: > >> Ah, you said "a small number" of wiki cert strings with those details. I >> took that as meaning a small number of definitely squid generated ones >> amidst the 130K indeterminate ones leaking. > > Ah, a misunderstanding on my part - sorry. Yes, there were 302 strings > containing "signTrusted" (77 of them unique), all of them appear to be > server certificates (i.e. with a CN containing a domain name), so it is > possibly reasonable to assume that they were for in-progress sessions > and would therefore be cleaned up. > > This leaves around 131297 other subject/issuer strings (581 unique) > which, to my mind, can't be explained by anything other than a leak > (whether that be a "real" leak where the pointers have been discarded > without freeing the data, or a "pseudo" leak caused by references to > them being held forever). > I agree its amost certainly a leak. Christos and William L. have been fixed some leaks in the Squid-4 cert generator non-caching configs recently. I'm not sure yet if its applicable to 3.5 or not, but from the sounds of this it very well could be the same thing. Unfortunately the code is quite a bit different in this area now so the patches wont directly prot. I think you had best get in touch with Christos about this. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
