On 2/3/2012 4:57 PM, Daniel Ruggeri wrote: > On 2/3/2012 12:27 PM, Dr Stephen Henson wrote: >> Hmm... the ENGINE code is careful not to shutdown an ENGINE if keys exist >> which >> make use of it. >> >> So there is a possibility that the some chain verification leaves a >> reference to >> an RSA key which prevents the ENGINE from closing down completely. >> >> In engines/e_chil.c try commenting out the line containing >> ERR_load_HWCRHK_strings(). >> >> Only side effect of doing that is you will only get numerical error codes and >> not error strings. >> >> Steve. > I will try that on Monday. This is a good tip, though, and gives me an > avenue to explore! Thanks!
Yep! This was ultimately what the problem was - a missing cleanup of the context after the config stage. Not a problem for straight forward certs without an engine, but posed a problem in CHIL. Thank you for pointing this out. I'm still scratching my head about why the error manifested as a segfault on Solaris SPARC and as CHIL (validly) complaining/bombing out on AIX and RHEL. Unfortunately, it seems my debugger gets in the way when trying to figure this out, so it may be a mystery to me forever. -- Daniel Ruggeri