@bbockelm commented on this pull request.

> +// Forward dec'ls. +class XrdSysError; +typedef void CURL; + +namespace TPC { + +/** + * libcurl with the NSS backend has significant memory leaks around the CA handling + * code. We have discovered that the memory leaks are *smallest* when NSS is given + * all the CA certificates in a single file (as opposed to many files in a directory). + * + * This class takes a traditional grid CA directory, parses its contents, and creates + * a single file. + * + * Each restart of the server this temporary file is created; further, every hour a + * new copy of the CAs is made.

Why? Do we save significant I/O by going from hourly to every 12 hours? In my tests, loading a CA directory was ~100-200ms. There's a cost to adding a configuration knob; I question if it's worthwhile to give configuration options that allow one to save something like 2 seconds of CPU time per day.

One hour was selected to be so low no one could complain it is too infrequent (i.e., picks up RPM updates in a reasonable amount of time) and high enough to make the cost negligible.

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1431#discussion_r602003138
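Review bot: the class comment ("creates a single file", "this temporary file is created", "every hour a new copy of the CAs is made") does not say where the file is written, with what ownership and mode, or how the hourly copy replaces the previous one. Because this file is the set of trust anchors handed to libcurl, the comment should state the guarantees the class provides: that the file is created exclusively in a location only the server account can write, and that each refresh is swapped in atomically (write a new file, then rename) so a transfer never reads a partial or replaced bundle. Separately, `typedef void CURL;` in the forward declarations repeats a typedef that belongs to libcurl's header; a short comment saying it must stay identical to the header, or including the header instead, would avoid a conflicting redeclaration if the two ever differ.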