memory issues after upgrading to v0.19.10

[rlindner81]

our project experienced a severe impact on memory when we upgraded hdb from v0.19.9 to v0.19.10. our servers open a little over 10k clients managed in pools for our tenants. this started to impact our server memory significantly from around 20% memory consumption, in idle, we went to >60% in idle and sometimes even crashed a server instance for non-idle.

after long sessions of rolling back individual changes, we identified the cause as
https://github.com/SAP/node-hdb/pull/238/files

we do have options.ca set to the certificate we want to use and we don't need the 147 tls root certificates "mixed in" on top. since these db connection parameters are taken directly from a hana service binding, there is no easy way for us to set options.sslUseDefaultTrustStore = false to get the old behavior back.

please turn this behavior off by default.

[jiangxin0503]

We're still facing this issue with latest version, is there any plan to fix this ?

[davidbrandow]

Just to confirm, when you say 'latest version', that means v0.19.12 or later, correct?

[jiangxin0503]

Just to confirm, when you say 'latest version', that means v0.19.12 or later, correct?

Hi @davidbrandow Yes, the version 0.19.12 is still not working, I think memory issues is not resloved

[IanMcCurdy]

To make sure we're all on the same page I'll give the full background:

In v0.19.10 we implemented a fallback mechanism that would add tls.rootCertificates to the options.ca list when creating a TLS connection. This was/is configurable via the sslUseDefaultTrustStore connect option which defaulted to true in v0.19.10. After realizing the memory cost of adding such a long list of certificates we decided to change the default value of sslUseDefaultTrustStore to false in v0.19.11 and instead add a reduced list of only HANA Cloud-relevant certificates (a total of 3 additional certs). This can be turned off by setting the sslHanaCloudCertificates option to false. We expected this to largely take care of the memory issue by vastly reducing the number of additional certificates (140+ down to only 3).

@jiangxin0503 could you try setting sslHanaCloudCertificates=false to see if this avoids the memory impact?

[jiangxin0503]

Hi @IanMcCurdy , Many thanks for the detailed explanation, we will have a try, and keep you update. Thanks