Comment 5 for bug 1655153

Scott Emmons (lscotte) wrote:

I have a possible patch for this by backporting a specific fix related to an SSL session leak from upstream stunnel4. It seems to be working well for me.

With 5.30-1 (the current version in Xenial), the RSS keeps growing. With this patch applied, RSS grows to around ~13000 and stays there.

It's somewhat difficult to prove the derivation of this patch from upstream stunnel4, as there is no version control repository for stunnel4. I made this patch by comparing the source of 5.32 and 5.33, and ultimately there was just a single line that looked to be relevant - adding a call to SSL_SESSION_free(). I can't promise this is a full fix, but it looks promising based on my own testing.

Can someone else experiencing this issue give this diff a try and see if it improves things for you as well? If this looks good, then perhaps we can get the stunnel4 package maintainer to sponsor getting this in.

Upstream Debian testing/sid is already using a newer version, so this is something that would be an Ubuntu patch and only applies to Xenial and other Ubuntu versions where stunnel4 versions >5.27 and <5.33 are used.