Actually, this could be it exactly. To my reading, the 0.9.8d tarball still defaults to (an extremely dangerous) getpid(). 2.3.30 never uses CRYPTO_set_id_callback. And the most recent thread I see on the matter ended (http://www.mail-archive.com/openssl-dev@openssl.org/msg21037.html) with an attitude of "Yeah, if anything, we should make things break more frequently when there's no callback set." Perhaps we should be adding one, with a bit of platform awareness through lutil?
On Wed, 29 Nov 2006, Howard Chu wrote:
> Aaron Richton wrote:
>> I'm on latest 0.9.7 release. I can try and put together a slapd with 0.9.8d, and I guess if we're going to (potentially?) be pointing fingers toward OpenSSL that's a good idea anyway...
>
> Yes, definitely a good idea. The prior releases always used getpid() to determine the threadID of the current thread, to decide if locking was needed. This is obviously only correct on old systems running LinuxThreads, where each thread was actually a separate process. It's surprising that it wasn't until recently that we've started seeing crashes caused by this bug.
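
The failure mode discussed in this thread, as an added illustration that is not code from the thread, OpenSSL, or OpenLDAP: an "is the caller the lock owner?" check keyed on getpid() versus one keyed on pthread_self(). All function and struct names are hypothetical, and the cast of pthread_t to unsigned long assumes a platform such as Linux/glibc where pthread_t is an integer type.

```c
#include <pthread.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for a thread-ID callback type. */
typedef unsigned long (*id_fn)(void);

/* The default described in the thread: the process ID used as a thread ID. */
static unsigned long id_getpid(void) { return (unsigned long)getpid(); }

/* Thread-aware alternative (assumes pthread_t is an integer type). */
static unsigned long id_pthread(void) { return (unsigned long)pthread_self(); }

struct probe {
    id_fn id;              /* ID source under test */
    unsigned long owner;   /* ID recorded by the thread that "holds the lock" */
    int thinks_it_owns;    /* result of the ownership check in the other thread */
};

static void *other_thread(void *arg)
{
    struct probe *p = arg;
    /* Ownership check: "my ID equals the owner's, so no locking is needed". */
    p->thinks_it_owns = (p->id() == p->owner);
    return NULL;
}

/* Returns 1 if a second thread is mistaken for the owner, 0 if not, -1 on error. */
int second_thread_mistaken_for_owner(id_fn id)
{
    struct probe p = { id, id(), 0 };   /* calling thread records itself as owner */
    pthread_t t;
    if (pthread_create(&t, NULL, other_thread, &p) != 0)
        return -1;
    pthread_join(t, NULL);
    return p.thinks_it_owns;
}

int main(void)
{
    printf("getpid() as thread ID:       mistaken=%d\n",
           second_thread_mistaken_for_owner(id_getpid));
    printf("pthread_self() as thread ID: mistaken=%d\n",
           second_thread_mistaken_for_owner(id_pthread));
    return 0;
}
```

On a threading implementation where all threads share one process ID, the getpid() variant reports the second thread as the owner, so it would skip the lock.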