Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG: OCSP staple causes hitch reload (first reload, no certs changes) doubles memory usage and never drops #391

Open
iammeken opened this issue Oct 31, 2024 · 1 comment
Open

BUG: OCSP staple causes hitch reload (first reload, no certs changes) doubles memory usage and never drops #391

iammeken opened this issue Oct 31, 2024 · 1 comment

Comments

@iammeken
Copy link

Then following reloads (no certs changes) will increase a part of memory and never release it, and until total memory is exhausted

this bug is critical especially when you are facing thousands of certs.

Please consider a fix, since this bug exists in ubuntu 20.04/22.04/24.04.

Disable OCSP will fix the bug (for the time being):

ocsp-dir = ""

#374

I hope hitch is still an active project.
@iammeken iammeken changed the title BUG: OCSP staple causes hitch reload (first reload, no certs changes)) doubles memory usage and never drops BUG: OCSP staple causes hitch reload (first reload, no certs changes) doubles memory usage and never drops Oct 31, 2024
@iammeken
Copy link
Author

iammeken commented Oct 31, 2024
edited
Loading

Another fix is to set ocsp dir to tmpfs (memory), but you will face high cpu load for for downloading ocsp in first several minutes and retrieve all ocsp after reboot.

Something must be wrong with hitch coding with hard disk.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@iammeken