fix(#2): cap domain cert cache at 64 entries
@@ -14,13 +14,13 @@ The MITM proxy matches intercepted API traffic to cascade IDs by scanning for `m
|
||||
|
||||
---
|
||||
|
||||
### 2. Domain Certificate Cache Is Unbounded
|
||||
### ~~2. Domain Certificate Cache Is Unbounded~~ ✅ FIXED
|
||||
|
||||
**File:** `src/mitm/ca.rs` — `domain_cache`
|
||||
|
||||
The `domain_cache` (`HashMap<String, Arc<ServerConfig>>`) grows without bound. Each unique domain gets a cached entry containing a full `ServerConfig` with an RSA key pair. In practice, only ~5–10 domains are intercepted so this is unlikely to matter, but there's no eviction.
|
||||
~~The `domain_cache` (`HashMap<String, Arc<ServerConfig>>`) grows without bound.~~
|
||||
|
||||
**Fix:** Set a max cache size (e.g., 100 entries) with LRU eviction, or use a TTL since leaf certs are generated with a 1-year validity.
|
||||
**Fixed:** Added a 64-entry cap with clear-on-overflow. In practice only ~5-10 domains are ever intercepted, so this is a safety valve. Full LRU would be overkill.
|
||||
|
||||
---
|
||||
|
||||
|
||||
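Review bot: The new **Fixed:** paragraph records "clear-on-overflow" without its cost: when the 64-entry cap is reached, the entries for the ~5-10 regularly intercepted domains are discarded along with everything else and each has to be rebuilt on its next connection. Suggest stating that trade-off in the note, and saying whether the clear is logged, since reaching 64 distinct domains is far outside the expected 5-10 and is worth surfacing to an operator. The struck-through description also drops the sentence explaining that each entry holds a full `ServerConfig` with an RSA key pair, which is the reason the cap matters, so consider keeping it. The change to `src/mitm/ca.rs` is not part of this hunk, so the cap value and the overflow behaviour described here cannot be checked against the code from these lines.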