Quote from https://github.com/curl/curl/issues/696 . See also https://bugzilla.redhat.com/show_bug.cgi?id=1057388 .

Several of our customers reported memory leaks when using Zabbix with web-scenarios. We tracked down the problem to libcurl / libnss and CURLOPT_SSL_VERIFYPEER = 1 option on CENTOS 6, CENTOS 7 and the corresponding RHEL versions. Eventually OOM killer kicks in and kills Zabbix processes.

The attached program demonstrates the issue (see the included README for running instructions). If you run it on the aforementioned operating systems with the default libcurl from their repositories then heap memory segment will grow continuously (run it for several minutes and use the included topmap.sh script to monitor memory segments).

Valgrind doesn't show any lost memory.

Workarounds (in Zabbix code):

• calling curl_global_init() / curl_global_cleanup() for each retrieved page - unfortunately on Debian based distributions this triggers a memory leak in GnuTLS (see https://bugs.launchpad.net/linuxmint/+bug/1552284);
• using curl binary instead of the library as it was done for web.page.get[] items in the past.

Operational workarounds:

• compiling libcurl from sources and using OpenSSL as the TLS backend;
• disabling "SSL verify peer" option in the web scenarios.