certutils: cap the cert store size at 100 by default

This should be enough to give us reuse without growing infinitely. This is part of fixing the memory situation in mitmdump. TODO: There's an opportunity here for a better algorithm, that expires certs based on least-recently-accessed time, rather than oldest generated time.
2026-04-24 04:14:57 +08:00 · 2016-10-05 10:44:31 +11:00
parent 6d343c7ca3
commit 89d36713e3
2 changed files with 36 additions and 0 deletions
--- a/test/netlib/test_certutils.py
+++ b/test/netlib/test_certutils.py
@@ -74,6 +74,31 @@ class TestCertStore:
            cert, key, chain_file = ca.get_cert(b"foo.bar.com", [b"*.baz.com"])
            assert b"*.baz.com" in cert.altnames

+    def test_expire(self):
+        with tutils.tmpdir() as d:
+            ca = certutils.CertStore.from_store(d, "test")
+            ca.STORE_CAP = 3
+            ca.get_cert(b"one.com", [])
+            ca.get_cert(b"two.com", [])
+            ca.get_cert(b"three.com", [])
+
+            assert (b"one.com", ()) in ca.certs
+            assert (b"two.com", ()) in ca.certs
+            assert (b"three.com", ()) in ca.certs
+
+            ca.get_cert(b"one.com", [])
+
+            assert (b"one.com", ()) in ca.certs
+            assert (b"two.com", ()) in ca.certs
+            assert (b"three.com", ()) in ca.certs
+
+            ca.get_cert(b"four.com", [])
+
+            assert (b"one.com", ()) not in ca.certs
+            assert (b"two.com", ()) in ca.certs
+            assert (b"three.com", ()) in ca.certs
+            assert (b"four.com", ()) in ca.certs
+
    def test_overrides(self):
        with tutils.tmpdir() as d:
            ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")