We've run into a problem with OpenSSL on some servers at Sun. Basically,
the problem goes like this:
- multiple webapps launch that use jruby-openssl gem as part of Rails stuff
- openssl creates a BC provider and registers it in Java security (each
webapp does this)
- when webapp undeploys, provider reference still exists, which prevents
the webapp's classloader from going away; over time this eventually
blows up permgen space
It's pretty ugly.
It appears the only really complete solution would be to replace all
invocations of JCE APIs (which depend on the provider being registered)
with direct invocations of BouncyCastle APIs. This allows us to provide
OpenSSL functionality entirely independent of JCE, and avoids having
webapps register a provider at all.
It's going to be a bit of work, so I wanted to toss it out there for
discussion, especially since Bill has said he's doing a bit of work on
OpenSSL for work.
Thoughts?
- Charlie
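
An added example, not part of the message above and not jruby-openssl code: AES-CBC done through BouncyCastle's lightweight API, so nothing is registered with java.security.Security and no JVM-wide provider reference pins the webapp's classloader. The class name DirectBcExample and the key, IV and plaintext are constructed for illustration; it assumes the BouncyCastle jar is on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Arrays;

import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

// Hypothetical class name; shows the "call BouncyCastle directly" approach.
public class DirectBcExample {

    // AES-CBC with PKCS7 padding (the PaddedBufferedBlockCipher default),
    // built from BC classes only: no Cipher.getInstance, no Security.addProvider.
    static byte[] aesCbc(boolean encrypt, byte[] key, byte[] iv, byte[] input)
            throws InvalidCipherTextException {
        PaddedBufferedBlockCipher cipher =
                new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
        cipher.init(encrypt, new ParametersWithIV(new KeyParameter(key), iv));

        // getOutputSize is an upper bound; trim to the bytes actually written.
        byte[] out = new byte[cipher.getOutputSize(input.length)];
        int n = cipher.processBytes(input, 0, input.length, out, 0);
        n += cipher.doFinal(out, n);
        return Arrays.copyOf(out, n);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and IV, fixed for reproducibility; not for real use.
        byte[] key = new byte[16];
        byte[] iv = new byte[16];
        Arrays.fill(key, (byte) 0x11);
        Arrays.fill(iv, (byte) 0x22);
        byte[] plain = "constructed sample".getBytes(StandardCharsets.UTF_8);

        byte[] ct = aesCbc(true, key, iv, plain);
        byte[] pt = aesCbc(false, key, iv, ct);
        System.out.println("round trip ok: " + Arrays.equals(plain, pt));

        // The global provider table was never touched by the code above.
        System.out.println("BC registered with JCE: "
                + (Security.getProvider("BC") != null));
    }
}
```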