Trying to run test_ssl.rb from ruby-1.8.6 source tree, program segfaults: $ ruby test/openssl/test_ssl.rb Loaded suite test/openssl/test_ssl Started ..test/openssl/test_ssl.rb:215: [BUG] Segmentation fault ruby 1.8.6 (2009-06-08) [i386-linux] Aborted installed components: ruby-1.8.6.369-3.fc12.i686, built from ruby-1.8.6.369-3.fc12.src.rpm openssl-1.0.0-0.7.beta3.fc12.i686 GDB backtrace: #0 freelist_insert (ctx=0x817c550, for_read=1, sz=34120, mem=0x86c0a48) at s3_both.c:645 #1 0x00691305 in ssl3_release_read_buffer (s=0x81ee640) at s3_both.c:762 #2 0x0068d60c in ssl3_free (s=0x81ee640) at s3_lib.c:2151 #3 0x00695d75 in tls1_free (s=0x81ee640) at t1_lib.c:163 #4 0x006a4041 in SSL_free (s=0x81ee640) at ssl_lib.c:581 #5 0x002a17c9 in ossl_ssl_free (ssl=<value optimized out>) at ossl_ssl.c:511 #6 0x08077193 in run_final (obj=3086404720) at gc.c:1903 #7 0x080771e4 in finalize_list (p=<value optimized out>) at gc.c:1057 #8 rb_gc_finalize_deferred (p=<value optimized out>) at gc.c:1931 It could be also an openssl-1.0.0beta3 bug, as the same ruby source code, with ruby-openssl-1.0.patch and other patches applied, but compiled on another system with openssl-0.9.8k runs without problem.
Looks like it is ruby garbage collection issue: sometimes SSLContext is freed in GC earlier than SSLSocket which still references such context. As ugly workaround, this patch seems to work: diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 4a4e60f..321132c 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -127,6 +127,8 @@ int ossl_ssl_ex_tmp_dh_callback_idx; static void ossl_sslctx_free(SSL_CTX *ctx) { + /* skip cleanup, if still referenced from one SSL socket, delay it to implicit calls from ossl_ssl_free */ + if(ctx && ctx->references == 3) return; if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1) ctx->cert_store = NULL; SSL_CTX_free(ctx);
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle. Changing version to '12'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
It seems that with current openssl-1.0.0-1.fc13 this issue does not happen. Perhaps this was bug in openssl. Once closing.