EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Memory consumption during a client certificate validation

#18258
Posted: 11/21/2011 13:57:59
by Michal Kreidl (Standard support level)
Joined: 11/21/2011
Posts: 4

Hi all,

I have a strange problem with client certificate validation in a Windows CE application based on the SecureBlackBox SecureServer .NET edition (Compact Framework 3.5). If I set ClientAuthentication to false, everything works fine. If I set Validate=true in the OnCertificateValidate event without any further validation, everything also works. But when I use TElX509CertificateValidator inside the OnCertificateValidate event, the application takes a small piece of memory during each validation and never returns it. We did some tests for memory leaks but none was found. The garbage collector would free the memory of unused objects after some time (and it does so in other circumstances), but in this case free memory decreases until the OS crashes. The validation method used is also very, very simple: I have one self-signed certificate added to the validator as a CA and a second certificate signed by it. The second one is sent by the client side to the server during connection and validated by the validator. Sample code:


Code
' Single validator instance, created once and reused for every client connection
Private oValidator As TElX509CertificateValidator

Private Sub SomeInitialization()

    ' ....

    Dim oMemCertStorage As TElMemoryCertStorage = New TElMemoryCertStorage
    Dim oCACertStorage As TElMemoryCertStorage = New TElMemoryCertStorage

    oMemCertStorage.LoadFromBufferPFX(bCertBuffer, sPassword)

    ' Locate the self-signed CA certificate by its SHA-1 hash and copy it into the CA storage
    Dim iCert As Integer = oMemCertStorage.FindByHashSHA1(New SBUtils.TMessageDigest160(&HA389907, &HA4CB42F0&, &H51A21F61, &HBA99FAC6&, &HB2D0209D&))
    Dim oCert As SBX509.TElX509Certificate = oMemCertStorage.Certificates(iCert)
    oCACertStorage.Add(oCert, True)

    ' Trust only the CA loaded above, not the system certificate stores
    oValidator = New TElX509CertificateValidator
    oValidator.UseSystemStorages = False
    oValidator.AddTrustedCertificates(oCACertStorage)

    ' ...

End Sub

Private Sub oSecureServer_OnCertificateValidate(ByVal Sender As Object, ByVal X509Certificate As SBX509.TElX509Certificate, ByRef Validate As Boolean) Handles oSecureServer.OnCertificateValidate

    Dim nReason As Integer
    Dim eValidity As SBX509.TSBCertificateValidity
    Try
        Dim remoteEndpoint As IPEndPoint = CType(oClientSocket.RemoteEndPoint, IPEndPoint)
        oValidator.ValidateForSSL(X509Certificate, "", remoteEndpoint.Address.ToString, SBConstants.TSBHostRole.hrClient, Nothing, False, False, Now, eValidity, nReason)
        ' Accept the client only if the validator reports the certificate as valid
        Validate = (eValidity = TSBCertificateValidity.cvOk)
    Catch
        ' Any exception during validation rejects the client
        Validate = False
    End Try
End Sub


Any suggestions? I no longer know what to check.

Michal
#18261
Posted: 11/22/2011 02:06:48
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

It's hard to say at first glance what the reason for the memory leak is. Try moving this code:
Code
oValidator = New TElX509CertificateValidator
oValidator.UseSystemStorages = False
oValidator.AddTrustedCertificates(oCACertStorage)

to oSecureServer_OnCertificateValidate handler and modify it like this:
Code
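Private Sub oSecureServer_OnCertificateValidate(...) Handles oSecureServer.OnCertificateValidate
    ' Create a fresh validator for each validation; Using disposes it when the block ends.
    ' oCACertStorage must be reachable from this handler (it was a local variable in SomeInitialization).
    Using oValidator As New TElX509CertificateValidator
        oValidator.UseSystemStorages = False
        oValidator.AddTrustedCertificates(oCACertStorage)
        ' ...
    End Using
End Sub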

Then check if the leak still exists.
#18263
Posted: 11/22/2011 05:19:31
by Michal Kreidl (Standard support level)
Joined: 11/21/2011
Posts: 4

Amazing, how easy. I will do some further intensive stress tests, but it seems that the problem is solved. Thank you very much.
#18264
Posted: 11/22/2011 05:23:38
by Vsevolod Ievgiienko (EldoS Corp.)

Great! Please let us know about the result of stress tests.

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.