@bbockelm commented on this pull request.
In src/XrdTpc/XrdTpcNSSSupport.hh:
> +// Forward dec'ls. +class XrdSysError; +typedef void CURL; + +namespace TPC { + +/** + * libcurl with the NSS backend has significant memory leaks around the CA handling + * code. We have discovered that the memory leaks are *smallest* when NSS is given + * all the CA certificates in a single file (as opposed to many files in a directory). + * + * This class takes a traditional grid CA directory, parses its contents, and creates + * a single file. + * + * Each restart of the server this temporary file is created; further, every hour a + * new copy of the CAs is made.
Why? Do we save significant I/O by going from hourly to every 12 hours? In my tests, loading a CA directory was ~100-200ms.
There's a cost to adding a configuration knob; I question if it's worthwhile to give configuration options that allow one to save something like 2 seconds of CPU time per day.
One hour was selected to be so low no one could complain it is too infrequent (i.e., picks up RPM updates in a reasonable amount of time) and high enough to make the cost negligible.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1