Requests using ":verify :required" eats RAM when error is signalled
Closed this issue · 1 comments
Hi!
I am bit confused about what is happening but if i perform some requests using TLS to an host that presents an invalid certificate (in my case a self signed one), the system seems suffering from a memory leak or something and the ram used has a steady increase.
I paste here the code to reproduce the problem and a plot.
Honestly i do not know if the problem is in drakma or in cl+ssl (or in my code perhaps!).
Important note: I am using cl+ssl from the git repository, not from quicklisp because the latest version of the library fixed this problem:
(ql:quickload "drakma")
(defparameter *uri* "https://localhost/")
;;sbcl --load "drakma-report.lisp" --eval "(main)"
(defun memory-used ()
"Assuming only a process whom command line terminate with main)"
(string-trim '(#\Newline)
(with-output-to-string (stream)
(uiop:run-program "ps aux | awk -- '/main)$/ {print $6}'"
:output stream))))
(defun main ()
(loop for i from 0 below 2000 do
(ignore-errors
;; Condition CL+SSL::UNABLE-TO-MATCH-COMMON-NAME was signalled.
(drakma:http-request *uri*
:want-stream nil
:verify :required))
(sb-ext:gc :full t)
(format t "~a ~a~%" i (memory-used)))
(uiop:quit))
Bye!
C.
Hi!
After inspecting the source seems that, in file util.lisp the function make-ssl-stream could be the cause of the leak.
I noticed that the callback :close-callback is not called when the certificate verification process fails, so the TLS context in not freed (i.e. the function cl+ssl:ssl-ctx-free is not called).
If i set the keyword value :auto-free-p to t in this line:
https://github.com/edicl/drakma/blob/master/util.lisp#L337
(cl+ssl:with-global-context (ctx)with:
(cl+ssl:with-global-context (ctx :auto-free-p t)The leak seems gone but now i wonder, if the callback is not called, if the stream is properly closed (seems yes but i can not understand where, maybe in the cleanup form of the unwind-protect of the function http-request?).
Hope this helps!
Bye!
C.