From 6346e9914a443e786bc3432937cc788e11618fb7 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Sun, 23 Apr 2023 14:45:33 -0500
Subject: [PATCH 1/5] Add tests for memory

---
 dev-requirements.txt |  2 ++
 noxfile.py           |  1 +
 tests/test_memory.py | 23 +++++++++++++++++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 tests/test_memory.py

diff --git a/dev-requirements.txt b/dev-requirements.txt
index 46b5559..c16958c 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -8,3 +8,5 @@ trustme
 requests
 flaky
 httpx
+memray
+pytest-memray
diff --git a/noxfile.py b/noxfile.py
index fbcf0cf..027b148 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -57,6 +57,7 @@ def test(session):
         "-v",
         "-s",
         "-rs",
+        "--memray",
         "--no-flaky-report",
         "--max-runs=3",
         *(session.posargs or ("tests/",)),
diff --git a/tests/test_memory.py b/tests/test_memory.py
new file mode 100644
index 0000000..18cb24a
--- /dev/null
+++ b/tests/test_memory.py
@@ -0,0 +1,23 @@
+import asyncio
+import ssl
+
+import pytest
+import urllib3
+
+import truststore
+
+from .conftest import Server
+
+
+@pytest.mark.limit_memory("1MB")
+@pytest.mark.asyncio
+async def test_memory_limit(server: Server) -> None:
+    def run_requests():
+        ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+        for _ in range(10000):
+            with urllib3.PoolManager(ssl_context=ctx) as http:
+                http.request("GET", server.base_url)
+                http.clear()  # Close connections so we get new ones.
+
+    thread = asyncio.to_thread(run_requests)
+    await thread

From 90d85308cbb36418be0dd2b313ce39a55848e570 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Sun, 23 Apr 2023 15:19:18 -0500
Subject: [PATCH 2/5] Skip memray tests if not installed

---
 dev-requirements.txt | 3 +--
 noxfile.py           | 4 +++-
 tests/test_memory.py | 8 ++++++++
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/dev-requirements.txt b/dev-requirements.txt
index c16958c..c21833d 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -8,5 +8,4 @@ trustme
 requests
 flaky
 httpx
-memray
-pytest-memray
+pytest-memray; python_version<"3.12" and sys_platform!="win32" and implementation_name=="cpython"
diff --git a/noxfile.py b/noxfile.py
index 027b148..9a3fccf 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -52,12 +52,14 @@ def test(session):
 
     session.install("-rdev-requirements.txt", ".")
     session.run("pip", "freeze")
+    memray_supported = not session.run("python", "-c", '"import pytest_memray"')
+
     session.run(
         "pytest",
         "-v",
         "-s",
         "-rs",
-        "--memray",
+        *("--memray", "--hide-memray-summary") if memray_supported else (),
         "--no-flaky-report",
         "--max-runs=3",
         *(session.posargs or ("tests/",)),
diff --git a/tests/test_memory.py b/tests/test_memory.py
index 18cb24a..a56b404 100644
--- a/tests/test_memory.py
+++ b/tests/test_memory.py
@@ -8,7 +8,15 @@
 
 from .conftest import Server
 
+try:
+    import pytest_memray  # noqa: F401
 
+    memray_installed = True
+except ImportError:
+    memray_installed = False
+
+
+@pytest.mark.skipif(not memray_installed, reason="Memray isn't installed")
 @pytest.mark.limit_memory("1MB")
 @pytest.mark.asyncio
 async def test_memory_limit(server: Server) -> None:

From fc3e952fd6022a19db99a7d7e7d644a8b5b02d67 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Sun, 23 Apr 2023 15:50:15 -0500
Subject: [PATCH 3/5] Ignore 'limit_memory' marker not being available

---
 pyproject.toml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pyproject.toml b/pyproject.toml
index 4beecdd..232b229 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -34,3 +34,6 @@ asyncio_mode = "strict"
 filterwarnings = [
   "error",
 ]
+markers = [
+  "limit_memory"
+]

From ba3f0806c18fc433c2da664bdde1176ec89b1aad Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Mon, 24 Apr 2023 12:59:43 -0500
Subject: [PATCH 4/5] Move memray posargs separately to be less confusing

---
 noxfile.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/noxfile.py b/noxfile.py
index 9a3fccf..33cff8c 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -53,13 +53,16 @@ def test(session):
     session.install("-rdev-requirements.txt", ".")
     session.run("pip", "freeze")
     memray_supported = not session.run("python", "-c", '"import pytest_memray"')
+    memray_posargs: tuple[str, ...] = (
+        ("--memray", "--hide-memray-summary") if memray_supported else ()
+    )
 
     session.run(
         "pytest",
         "-v",
         "-s",
         "-rs",
-        *("--memray", "--hide-memray-summary") if memray_supported else (),
+        *memray_posargs,
         "--no-flaky-report",
         "--max-runs=3",
         *(session.posargs or ("tests/",)),

From 07b26801b259046512019bac8249b15a1cfce72d Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Mon, 24 Apr 2023 13:21:43 -0500
Subject: [PATCH 5/5] Test out memory limiting to see if we can trip the limit

---
 src/truststore/_macos.py   | 4 ++--
 src/truststore/_windows.py | 4 ++--
 tests/test_memory.py       | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/truststore/_macos.py b/src/truststore/_macos.py
index 7dc440b..731abd6 100644
--- a/src/truststore/_macos.py
+++ b/src/truststore/_macos.py
@@ -389,13 +389,13 @@ def _verify_peercerts_impl(
                 ctypes.byref(CoreFoundation.kCFTypeArrayCallBacks),
             )
             CoreFoundation.CFArrayAppendValue(policies, ssl_policy)
-            CoreFoundation.CFRelease(ssl_policy)
+            # CoreFoundation.CFRelease(ssl_policy)
             revocation_policy = Security.SecPolicyCreateRevocation(
                 kSecRevocationUseAnyAvailableMethod
                 | kSecRevocationRequirePositiveResponse
             )
             CoreFoundation.CFArrayAppendValue(policies, revocation_policy)
-            CoreFoundation.CFRelease(revocation_policy)
+            # CoreFoundation.CFRelease(revocation_policy)
         elif ssl_context.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF:
             raise NotImplementedError("VERIFY_CRL_CHECK_LEAF not implemented for macOS")
 
diff --git a/src/truststore/_windows.py b/src/truststore/_windows.py
index 3de4960..2c055f9 100644
--- a/src/truststore/_windows.py
+++ b/src/truststore/_windows.py
@@ -396,9 +396,9 @@ def _verify_peercerts_impl(
             else:
                 raise
     finally:
-        CertCloseStore(hIntermediateCertStore, 0)
+        # CertCloseStore(hIntermediateCertStore, 0)
         if pCertContext:
-            CertFreeCertificateContext(pCertContext)
+            pass  # CertFreeCertificateContext(pCertContext)
 
 
 def _get_and_verify_cert_chain(
diff --git a/tests/test_memory.py b/tests/test_memory.py
index a56b404..0b702ad 100644
--- a/tests/test_memory.py
+++ b/tests/test_memory.py
@@ -24,7 +24,7 @@ def run_requests():
         ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
         for _ in range(10000):
             with urllib3.PoolManager(ssl_context=ctx) as http:
-                http.request("GET", server.base_url)
+                http.request("HEAD", server.base_url)
                 http.clear()  # Close connections so we get new ones.
 
     thread = asyncio.to_thread(run_requests)