author | Aldo Cortesi <aldo@nullcube.com> | 2016-10-05 10:44:31 +1100 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2016-10-05 10:44:31 +1100 |
commit | 89d36713e360ff5797f67e9b89d14db81da3bc25 (patch) | |
tree | e99ca35a61cd95ddf78c51cc675ef1d5cebed7e0 /netlib | |
parent | 6d343c7ca352b41e1a07e8a3001b36667ac8f5f8 (diff) | |
certutils: cap the cert store size at 100 by default
This should be enough to give us reuse without growing infinitely. This is part
of fixing the memory situation in mitmdump.
TODO: There's an opportunity here for a better algorithm, that expires certs
based on least-recently-accessed time, rather than oldest generated time.
Diffstat (limited to 'netlib')
-rw-r--r-- | netlib/certutils.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/netlib/certutils.py b/netlib/certutils.py
index 9eb41d03..bdc2b77e 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -169,6 +169,7 @@ class CertStore(object):
 """
 Implements an in-memory certificate store.
 """
+ STORE_CAP = 100
 def __init__(
 self,
@@ -181,6 +182,15 @@ class CertStore(object):
 self.default_chain_file = default_chain_file
 self.dhparams = dhparams
 self.certs = dict()
+ self.expire_queue = []
+
+ def expire(self, entry):
+ self.expire_queue.append(entry)
+ if len(self.expire_queue) > self.STORE_CAP:
+ d = self.expire_queue.pop(0)
+ for k, v in list(self.certs.items()):
+ if v == d:
+ del self.certs[k]
 @staticmethod
 def load_dhparam(path):
@@ -342,6 +352,7 @@ class CertStore(object):
 privatekey=self.default_privatekey,
 chain_file=self.default_chain_file)
 self.certs[(commonname, tuple(sans))] = entry
+ self.expire(entry)
 return entry.cert, entry.privatekey, entry.chain_file |
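Review bot: `STORE_CAP` is added without a comment saying what it counts or how a caller changes it; as a class attribute it can only be overridden by subclassing or by assigning on the instance, and the visible part of `__init__` takes no matching argument. I would add `# Maximum number of generated certificates kept in memory; the oldest is evicted first.` above it. The `__init__` signature continues outside the hunk, so a cap parameter may be a better fit there.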
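Review bot: In `expire`, the evicted entry is located by scanning every value of `self.certs` and comparing with `==`, so each eviction past the cap walks the whole store and relies on how the entry class defines equality (not visible here). `if v is d:` states the identity match that seems intended, and queueing the dict key together with the entry would allow a direct `self.certs.pop(key, None)` instead of the scan. `self.expire_queue.pop(0)` shifts the list on every eviction; a `collections.deque` with `popleft()` avoids that, though at a cap of 100 the cost is small. The method also lacks a docstring, and the name reads like time-based expiry: `"""Queue a newly generated entry; once more than STORE_CAP are queued, remove the oldest from self.certs."""`.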
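Review bot: `self.expire(entry)` is the only call site in this diff, so the cap covers entries created on this generation path only; anything placed in `self.certs` by other methods of the class (outside the hunks shown) is never queued and never evicted. If that is intended, for example so that explicitly configured certificates survive, a comment here such as `# only generated entries count against STORE_CAP` would make it explicit; if not, those paths need the same call. The enclosing method starts outside the hunk, and the indentation is lost on this page, so I cannot confirm the call sits inside the branch that creates the entry rather than running on every lookup, which would queue a cached entry repeatedly.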