There appears to be a bug in the SSL bio (ssl/bio_ssl.c) when processing the BIO_flush() function. This causes a segmentation fault on linux.
OpenSSL 0.9.8b 04 May 2006 built on: Mon Oct 15 17:44:48 EDT 2007 platform: linux-x86_64 options: bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(ptr2) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DMD5_ASM OPENSSLDIR: "/etc/pki/tls" engines: dynamic Linux 2.6.25.6-27.fc8 #1 SMP Fri Jun 13 16:17:54 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux Program received signal SIGSEGV, Segmentation fault. 0x024299f9 in BIO_copy_next_retry () from /lib/libcrypto.so.6 (gdb) bt #0 0x024299f9 in BIO_copy_next_retry () from /lib/libcrypto.so.6 #1 0x066607f8 in ?? () from /lib/libssl.so.6 #2 0x02429d3a in BIO_ctrl () from /lib/libcrypto.so.6 #3 0x0809cdbd in ?? () #4 0x09df9338 in ?? () #5 0x0000000b in ?? () #6 0x00000000 in ?? () Looking at the source code (ssl/bio_ssl.c) in the ssl_ctrl() function for the BIO_CTRL_FLUSH case I see: case BIO_CTRL_FLUSH: BIO_clear_retry_flags(b); ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); BIO_copy_next_retry(b); break; The BIO_copy_next_retry(b) function will always cause a segmentation fault, because it dereferences the b->bio_next member, which for an SSL BIO, is always NULL. The SSL BIO is not attached using BIO_push(), but by using SSL_set_bio() instead. SSL_set_bio() attaches the next BIO to the SSL BIO's ssl->wbio and ssl->rbio members, leaving the SSL BIO's bio_next member NULL. The code in ssl/bio_ssl.c could instead do: BIO_set_flags(b,BIO_get_retry_flags(ssl->wbio)); b->retry_reason = ssl->wbio->retry_reason; I have checked the latest source code (1.0.0e) and it has not changed from the version that I have. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org