SSL.Connection has a race condition on session reuse/invalidation.
Imported from http://bugzilla.roxen.com/bugzilla/show_bug.cgi?id=7433
Reported by @grubba
If a session is invalidated while it is being used for renegotiation it may cause the following backtrace:
2m14.7s : Internal server error: [thr:140238989276928,fd:38] SSL.File->set_nonblocking (0, object()->write_cb, 0, 0, 0, 0)
Bad argument 1 to sizeof().
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/__builtin.pmod/Nettle.pmod/Hash.pike:112: Crypto.SHA256.HMAC->State()->create(UNDEFINED,64)
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/__builtin.pmod/Nettle.pmod/Hash.pike:95: Crypto.SHA256.HMAC->State()
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/__builtin.pmod/Nettle.pmod/Hash.pike:182: Crypto.SHA256.HMAC->`()(UNDEFINED,UNDEFINED)
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/SSL.pmod/Cipher.pmod:1303: SSL.Cipher.P_hash(Crypto.SHA256,UNDEFINED,"client finishedÈë;ÔOÙænK\233\20\36c\23ú\få.ª³\36\227_\t!»ùfÙ\ré\212",12)
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/SSL.pmod/Cipher.pmod:1355: SSL.Cipher.prf_tls_1_2(UNDEFINED,"client finished","Èë;ÔOÙænK\233\20\36c\23ú\få.ª³\36\227_\t!»ùfÙ\ré\212",12)
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/SSL.pmod/ServerConnection.pike:822: SSL.ServerConnection(handshaking)->handle_handshake(20,".\6\211\31\tP\4\211\222íH²","\24\0\0\f.\6\211\31\tP\4\211\222íH²")
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/SSL.pmod/Connection.pike:884: SSL.ServerConnection(handshaking)->got_data("")
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/SSL.pmod/File.pike:1839: SSL.File(Stdio.File("socket", "127.0.0.1 47856", 777 /* fd=39 */), SSL.ServerConnection(handshaking))->ssl_read_callback(Stdio.File("socket", "127.0.0.1 47856", 777 /* fd=39 */),"\24\3\3\0\1\1\26\3\3\0@Ùa²#i~\225|\231*á\231O\35C'\v÷G®åZÓUi\21ì|b`ø*@\0h+â\20OµìÑÜ*â\v\31\22\25\234\231¨.d\210¹¦\\b\21º0\31")
/home/grubba/src/Pike/8.0/build/medaka/test-install/pike/8.0.39/lib/modules/Stdio.pmod/module.pmod:1122: Stdio.File("socket", "127.0.0.1 47856", 777 /* fd=39 */)->__stdio_read_callback()
-:1: Pike.Backend(0)->`()(3600.0)
The problem is caused by SSL.Session()->master_session having been cleared by purge_session().
Note that it is unclear what the semantics are when a session is renegotiated while also being active in a different connection.
The best fix may be to only record sessions on successful close.