From 89d36713e360ff5797f67e9b89d14db81da3bc25 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Wed, 5 Oct 2016 10:44:31 +1100
Subject: certutils: cap the cert store size at 100 by default

This should be enough to give us reuse without growing infinitely. This is part
of fixing the memory situation in mitmdump.

TODO: There's an opportunity here for a better algorithm, that expires certs
based on least-recently-accessed time, rather than oldest generated time.
---
 netlib/certutils.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'netlib/certutils.py')

diff --git a/netlib/certutils.py b/netlib/certutils.py
index 9eb41d03..bdc2b77e 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -169,6 +169,7 @@ class CertStore(object):
     """
         Implements an in-memory certificate store.
     """
+    STORE_CAP = 100
 
     def __init__(
             self,
@@ -181,6 +182,15 @@ class CertStore(object):
         self.default_chain_file = default_chain_file
         self.dhparams = dhparams
         self.certs = dict()
+        self.expire_queue = []
+
+    def expire(self, entry):
+        self.expire_queue.append(entry)
+        if len(self.expire_queue) > self.STORE_CAP:
+            d = self.expire_queue.pop(0)
+            for k, v in list(self.certs.items()):
+                if v == d:
+                    del self.certs[k]
 
     @staticmethod
     def load_dhparam(path):
@@ -342,6 +352,7 @@ class CertStore(object):
                 privatekey=self.default_privatekey,
                 chain_file=self.default_chain_file)
             self.certs[(commonname, tuple(sans))] = entry
+            self.expire(entry)
 
         return entry.cert, entry.privatekey, entry.chain_file
 
-- 
cgit v1.2.3