Trying to run test_ssl.rb from ruby-1.8.6 source tree, program segfaults:
$ ruby test/openssl/test_ssl.rb
Loaded suite test/openssl/test_ssl
..test/openssl/test_ssl.rb:215: [BUG] Segmentation fault
ruby 1.8.6 (2009-06-08) [i386-linux]
ruby-126.96.36.1999-3.fc12.i686, built from ruby-188.8.131.529-3.fc12.src.rpm
#0 freelist_insert (ctx=0x817c550, for_read=1, sz=34120, mem=0x86c0a48) at s3_both.c:645
#1 0x00691305 in ssl3_release_read_buffer (s=0x81ee640) at s3_both.c:762
#2 0x0068d60c in ssl3_free (s=0x81ee640) at s3_lib.c:2151
#3 0x00695d75 in tls1_free (s=0x81ee640) at t1_lib.c:163
#4 0x006a4041 in SSL_free (s=0x81ee640) at ssl_lib.c:581
#5 0x002a17c9 in ossl_ssl_free (ssl=<value optimized out>) at ossl_ssl.c:511
#6 0x08077193 in run_final (obj=3086404720) at gc.c:1903
#7 0x080771e4 in finalize_list (p=<value optimized out>) at gc.c:1057
#8 rb_gc_finalize_deferred (p=<value optimized out>) at gc.c:1931
It could also be an openssl-1.0.0beta3 bug, as the same ruby source code, with ruby-openssl-1.0.patch and other patches applied but compiled on another system with openssl-0.9.8k, runs without problems.
Looks like it is a ruby garbage collection issue: sometimes SSLContext is freed in GC earlier than the SSLSocket which still references that context.
As an ugly workaround, this patch seems to work:
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4a4e60f..321132c 100644
@@ -127,6 +127,8 @@ int ossl_ssl_ex_tmp_dh_callback_idx;
+ /* skip cleanup, if still referenced from one SSL socket, delay it to implicit calls from ossl_ssl_free */
+ if(ctx && ctx->references == 3) return;
if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
ctx->cert_store = NULL;
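Review bot: the early return at `if(ctx && ctx->references == 3) return;` keys the whole workaround on a magic reference count, which encodes an assumption about exactly how many holders the SSL_CTX has at the moment the Ruby SSLContext is finalized; with two SSLSockets sharing one context, or an OpenSSL build that takes internal references differently, the count will not be 3, the early return is skipped, and the context is still torn down under a live socket (the backtrace above shows exactly that: `freelist_insert` dereferencing `ctx` from `SSL_free`). Comparing against any outstanding reference (`references > 1`) would be less brittle, but since the report attributes the crash to the SSLContext being collected before the SSLSocket that uses it, the robust fix is on the Ruby side: keep the SSLContext reachable from the SSLSocket (mark it from the socket's GC mark function) so finalization order cannot free the context first. Note also that the return skips the `cert_store` cleanup below it unconditionally, relying on a later implicit call that never happens if the socket itself is not finalized. Finally, as pasted the hunk has lost the leading-space markers on its context lines, so it needs to be re-extracted from the original diff before it will apply.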
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.
More information and the reason for this action are here:
It seems that with current openssl-1.0.0-1.fc13 this issue does not happen. Perhaps this was a bug in openssl.