Hi,
We’re using SSL with client side certificates through nginx. When
enabling “ssl_verify_client”, memory usage increases drammatically (and
continues to grow). When “ssl_verify_client” is disabled, memory usage
stays very low.
I’m testing on Mac OSX 10.5 now but the problem is present on Gentoo as
well. Any ideas?
The basic configuration is:
worker_processes 1;
pid logs/nginx.pid;
events { worker_connections 1024; }
http {
include mime.types;
default_type application/octet-stream;
tcp_nopush on;
tcp_nodelay on;
sendfile off;
upstream mongrel {
server 127.0.0.1:3000;
}
server {
listen 8443;
ssl on;
ssl_certificate xxxx.crt;
ssl_certificate_key xxxx.key;
ssl_client_certificate xxxx.pem;
ssl_verify_client on;
ssl_session_cache off;
keepalive_timeout 70;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect false;
proxy_max_temp_file_size 0;
proxy_pass http://127.0.0.1:3001;
}
}
}