Print

Print

@bbockelm commented on this pull request.

In src/XrdTpc/XrdTpcNSSSupport.hh:

> +// Forward dec'ls.
+class XrdSysError;
+typedef void CURL;
+
+namespace TPC {
+
+/**
+ * libcurl with the NSS backend has significant memory leaks around the CA handling
+ * code.  We have discovered that the memory leaks are *smallest* when NSS is given
+ * all the CA certificates in a single file (as opposed to many files in a directory).
+ * 
+ * This class takes a traditional grid CA directory, parses its contents, and creates
+ * a single file.
+ * 
+ * Each restart of the server this temporary file is created; further, every hour a
+ * new copy of the CAs is made.

Why? Do we save significant I/O by going from hourly to every 12 hours? In my tests, loading a CA directory was ~100-200ms.

There's a cost to adding a configuration knob; I question if it's worthwhile to give configuration options that allow one to save something like 2 seconds of CPU time per day.

One hour was selected to be so low no one could complain it is too infrequent (i.e., picks up RPM updates in a reasonable amount of time) and high enough to make the cost negligible.


You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/pull/1431#discussion_r602003138", "url": "https://github.com/xrootd/xrootd/pull/1431#discussion_r602003138", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1