« Connecting to a Fireb… | Home | Update for our QuickL… »

SSL Trouble

Today I reported two bug cases for SSL connections.

Case 31707: Web Standalone leak
Yesterday I saw the blog article about using SSL in standalone web edition applications. Nice addition, but when I try it, it leaks a lot of memory. Over 10 MB per new session. Seems like some memory from the session/sockets are not freed. The bug does not happen in this magnitude without SSL.

Case 31706: SSLSocket leak with ServerSocket
When working the last days on a client server project for a client, I saw the problem that my sockets on the server are not freed. The management of the sockets is up to the server socket. But even as they are closed, the destructor is not called.
Digging into the reference counting system, I see that in connected event my SSLSocket object has a reference count of 5 while without SSL, it only has 3. So there is a leak somewhere in the handling of SSL Sockets.

Case 2820: Certificates with sslsocket, httpsecuresocket
This is an old case about a feature missing in Xojo. We can't check the certificate from the server in our SSL Socket. So we can't prevent a man-in-the-middle attack.
I'd love to change the plugin and add at least an event to provide the certificate data. This way code in the event could make decision and return true or false back to the socket on whether to accept of not.

We'll see what can be fixed for 2014r1. The biggest plugin in space...
15 01 14 - 15:34