On Wed, May 17, 2006 at 06:01:37PM +0200, Michael Weiser wrote:
> I'm now retrying with a freshly compiled openssl-0.9.8b to see if that has anything to do with anything.
The problem persists with openssl-0.9.8b:
# gdb src/stunnel --core stunnel.core --batch -ex "thread apply all bt full" -ex "quit"
Core was generated by `stunnel'.
Program terminated with signal 11, Segmentation fault.
#0  0x280d07b5 in SSL_get_peer_certificate () from ../bin/openssl-0.9.8b/lib/libssl.so.0.9.8
[New LWP 100077]
The problem is triggered by a change to src/client.c in stunnel-4.15. client() now loops over calls to run_client() instead of calling it just once. The first, successful (!) call to run_client() seems to leave the SSL context in an undefined state, which makes the following calls to run_client() segfault in the forked child, which in turn produces the core file. My guess is that it's not actually supposed to loop if the call to run_client() is successful.
Reverting client.c to roughly 4.14 fixes the problem for me. A patch is attached. Any insights and a more permanent fix would be highly appreciated.
BTW: I configured stunnel with --with-threads=pthread. By default, ucontext is detected, which is broken in stunnel-4.14 as well. After finishing, 4.14 hangs in s_poll_wait waiting for -1 seconds on 0 fds (!?). I can provide debugging log and gdb output if needed.