2009-04-13 libssl

by Vasil Kolev

Something I’ve banged my head against repeatedly – libssl:

This lovely lib, the main part of openssl, sucks (or most programmers can’t use it right). Example – you run php with curl (which uses SSL), and then add php-pgsql for some database (which comes configured with ssl=true). The result is that php coredumps like crazy. Solution (the easiest for the moment) – disable SSL for the DB (there’s not a lot of use for it anyway).
I’ve seen thousands of variations of this issue, like with OpenSIPS, TLS and their module for the xcap client, which uses curl, which in turn comes in an openssl version (in the debian-based stuff there’s one with gnutls), or something that’s statically linked with openssl and that in some way dynamically links something else, which in turn links some local openssl. Boom. It’s extremely hard to find the issue with tools like strace; ltrace didn’t help a lot (and if you’ve ever tried ltracing php, you’d know how ugly that is), and the coredumps are pretty bad to decode. I think it was dumb luck that helped me the first time.
Conclusion – be VERY careful with libssl, avoid dynamic modules that use it, and … well, be careful. There seems to be only one other replacement for openssl – gnutls – and it doesn’t seem to be trusted too much.

(I personally don’t like libssl. Horrible interface, weird ideas, and the code dumps are almost always fucked up.)
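
One way to check a running process for the "several copies of openssl in one address space" situation described above is to look at which TLS libraries are mapped in /proc/PID/maps. This is an added example, not code from the original post; the sample maps lines and paths are constructed, and a statically linked copy will not show up this way.

```python
import re
import sys
from collections import defaultdict

# Matches e.g. /usr/lib/libssl.so.0.9.8, libcrypto.so.1.1, libgnutls.so.26
TLS_LIB = re.compile(r"/(lib(?:ssl|crypto|gnutls))\.so[^/]*$")
DELETED = " (deleted)"  # the kernel appends this when the file was replaced on disk

# Constructed sample in /proc/PID/maps format (not taken from a real process).
SAMPLE_MAPS = """\
08048000-08a00000 r-xp 00000000 08:01 131 /usr/bin/php5
b7a00000-b7a40000 r-xp 00000000 08:01 201 /usr/lib/libssl.so.0.9.8
b7a40000-b7a44000 rw-p 00040000 08:01 201 /usr/lib/libssl.so.0.9.8
b7900000-b7a00000 r-xp 00000000 08:01 202 /usr/lib/libcrypto.so.0.9.8
b7800000-b7840000 r-xp 00000000 08:01 977 /opt/vendor/lib/libssl.so.0.9.7
b7700000-b7780000 r-xp 00000000 08:01 310 /usr/lib/libgnutls.so.26.4.6
b7600000-b7610000 rw-p 00000000 00:00 0
bf800000-bf820000 rw-p 00000000 00:00 0 [stack]
"""

def tls_libs_in_maps(maps_text):
    """Return {library family: set of mapped files} for one process."""
    found = defaultdict(set)
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        stale = path.endswith(DELETED)
        if stale:
            path = path[: -len(DELETED)]
        m = TLS_LIB.search(path)
        if m:
            found[m.group(1)].add(path + (DELETED if stale else ""))
    return dict(found)

def conflicts(found):
    """Families where more than one distinct file is mapped at once."""
    return {fam: sorted(p) for fam, p in found.items() if len(p) > 1}

if __name__ == "__main__":
    # Usage: script.py PID   (no argument: run on the constructed sample)
    text = open(f"/proc/{sys.argv[1]}/maps").read() if len(sys.argv) > 1 else SAMPLE_MAPS
    libs = tls_libs_in_maps(text)
    for fam, paths in sorted(libs.items()):
        print(fam, "->", ", ".join(sorted(paths)))
    for fam, paths in conflicts(libs).items():
        print(f"WARNING: {len(paths)} different {fam} files mapped: {paths}")
```

A single mapped libssl does not rule out the problem: two modules that each initialise the same copy are not visible in the maps file.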
