Ssl_verify_client memory usage


We’re using SSL with client side certificates through nginx. When
enabling “ssl_verify_client”, memory usage increases drammatically (and
continues to grow). When “ssl_verify_client” is disabled, memory usage
stays very low.

I’m testing on Mac OSX 10.5 now but the problem is present on Gentoo as
well. Any ideas?

The basic configuration is:

worker_processes 1;
pid logs/;

events { worker_connections 1024; }

http {
include mime.types;
default_type application/octet-stream;

tcp_nopush on;
tcp_nodelay on;

sendfile off;

upstream mongrel {

server {
listen 8443;
ssl on;
ssl_certificate xxxx.crt;
ssl_certificate_key xxxx.key;
ssl_client_certificate xxxx.pem;
ssl_verify_client on;
ssl_session_cache off;
keepalive_timeout 70;

location / {
  proxy_set_header   X-Real-IP  $remote_addr;
  proxy_set_header   X_FORWARDED_PROTO https;
  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header   Host $http_host;
  proxy_redirect     false;
  proxy_max_temp_file_size 0;