Matt England wrote:
This is precisely the place to ask NSS/NSPR questions:). (Well certainly NSS questions anyway).Mozilla-NSS community-We have some questions regarding the usage of your NSS/NSPR libraries with our (Cleversafe's) software. I collected these questions (from Jason Resch and Wesley Leggette) below. Please let me know if this is not an appropriate forum for these questions.
It's hard to tell exactly what the issue is here. What version of NSS are you using?At 11/10/2006 02:01 PM, Jason Resch wrote: >Our server process creates a listener socket for accepting new SSL>connections. In testing for memory leaks one test we conducted was having>a client continuously connect and disconnect from the server.>What I noticed was that initially the memory usage of the server began to >grow quickly (about .1% of system memory per connection), but this tapers>off and becomes constant with our server process using around 8% of the>system memory. My question is whether this is due to the arena free list>as referenced here: >>http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/2bc2e75c06734965/b79656d99d39114d?lnk=st&q=NSS+memory+leak+ssl&rnum=27&hl=en#b79656d99d39114d>>I did attempt to set the environment variable: NSS_DISABLE_ARENA_FREE_LIST=1> >However it did not seem to have any noticeable effect on the >aforementioned behavior. Is my experience with memory usage normal? >And are there other methods for reducing the memory footprint when using >NSS? Thanks.
NSS does hold several free lists. One guess is this may be the free list of keys. This value is controlled by a slot variable call maxKeyCount. It is set based on the ulMaxSessionCount of the token you are using (most likely softoken which has a ulMaxSessionCount of '0'). If the ulMaxSessionCount is zero, it's set to an arbitrary value of 800 (PK11_InitToken in pk11wrap/pk11slot.c), if the ulMaxSessionCount is set to 20 or less, the value is set to '0' (no free list). In all other cases it is set to 1/2 of the ulMaxSessionCount.
The keyfreelist not only holds 'empty' key structures, but it can also potentially hold PKCS #11 sessions.
NSS does have test programs which compile statically. Look in mozilla/security/nss/cmd . Those applications with have the environment variable set to USE_STATIC_LIBS. It works on all platforms. NOTE: even then, not all libraries are effectively static. libfreebl usually has a dynamically loadable component for support reasons. NSPR also is not linked statically in these cases. Static linking could allow access to NSS private functions which may break your application in future releases of NSS. NSS and NSPR keep a strong commitment to binary compatibility between releases to encourage the use of the shared library versions. This also helps in maintenance (no need to recompile to pick up NSS security fixes, for instance).> >2. NSPR/NSS static compilation >>Does anyone have experience compiling NSS or NSPR statically on Windows or >Unix? Does anyone have a patch for the build system that accomplishing this?>
bob
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
