SSL Context Destruction Causes Core Dump on Solaris 11.3 with OpenSSL 3.0.12 and Poco 1.12.5.p1

[huibin-coder]

GitHub Issue
Describe the problem
When terminating SSL WebSocket client applications on Solaris 11.3 with Poco 1.12.5.p1 and OpenSSL 3.0.12, a core dump occurs during SSL context destruction. The issue is reproducible with Poco's sample code and appears to be a threading race condition in SSL cleanup. Poco 1.11.8 works correctly with the same OpenSSL version.

To Reproduce
Steps to reproduce the behavior:

Compile Poco 1.12.5.p1 with OpenSSL 3.0.12 on Solaris 11.3 SPARC

Build SSL client

Run the SSL client application

Core dump occurs during shutdown cleanup

Expected behavior
Application should terminate cleanly without core dump, as it does with Poco 1.11.8 and on other platforms (Windows, RedHat).

Logs
Core dump stack trace:

root@sol-eval:/opt/nec/pf/opm/agent/bin# mdb core
Loading modules: [ libc.so.1 ld.so.1 ]
msc_opm:core> ::stack
libc.so.1rw_read_held+0x10(4000000004d58, 0, 0, 1, 100d34c40, ffffffff7f522a40) libc.so.1rw_wrlock_impl+0x40(4000000004d58, 0, 2800, ffffffff7bc2eb80, ffffffff7bc26000, 0)
libcrypto.so.3CRYPTO_THREAD_write_lock+4(4000000004d58, ffffffff2c826fb0, 1, 1, 0, ffffffff7bc38e98) libcrypto.so.3evp_keymgmt_util_clear_operation_cache+0x3c(100d39f20, ffffffffffd02408, ffffffff7fffcdac, 2fd800, ffffffff2cb24ba8,
ffffffff7bc38e98)
libcrypto.so.3EVP_PKEY_free+0x3c(100d39f20, ffffffffffffffff, ffffffff7fffce6c, ffffffff2cb24ba8, ffffffff7bc38fb0, ffffffff7bc314c4) libssl.so.3ssl_cert_free+0x4c(100cde830, ffffffff7bc27964, 10, ffffffffffe5b5f0, 0, 1a4800)
libssl.so.3SSL_CTX_free+0xf8(100cde120, ffffffff2d589a38, ffffffff2d48310c, ffffffff2d459714, ffffffff7f596590, ffffffff2cc34ab8) libPocoNetSSL64.so.95_ZN4Poco3Net7ContextD1Ev+0x18(100cdaa40, ffffffff2d589a38, ffffffff7bc2eb80, ffffffff2d5894f0, 100cdaa40, ff000000)
libPocoNetSSL64.so.95_ZN4Poco3Net7ContextD0Ev+4(100cdaa40, 1, 5, 0, 0, ffffffff7bc314c4) libPocoNetSSL64.so.95_ZNK4Poco16RefCountedObject7releaseEv+0x40(100cdaa40, 100cda3e4, ffffffff7bc2eb80, ffffffff2d5894f0, ffffffff7f522a40,
ff000000)
libPocoNetSSL64.so.95_ZN4Poco3Net15uninitializeSSLEv+0x100(ffffffff7fffd49f, 13cb8, 13c00, 100cda538, 100cda450, ffffffff2d4830b0) libmsc_communicator_client.so_ZN3msc12communicator4util20ScopedSSLInitializerD1Ev+0x198(100b841d0, 0, ffffffff2ec1eea8, 0, 0, 0)
libmsc_communicator_client.so_ZN3msc12communicator4util20ScopedSSLInitializerD0Ev+0x2c(100b841d0, 1, 5, 2, ffffffff7bc38fb0, ffffffff7bc314c4) libmsc_communicator_client.so_ZN4Poco9SharedPtrIN3msc12communicator4util20ScopedSSLInitializerENS_16ReferenceCounterENS_13ReleasePolicyIS4_EEE7rel
easeEv+0xac(ffffffff7fffd7c0, ffffffff7fffd7c8, 0, ffffffff7fffd7b8, 100b841d0, 100c72a78)
libmsc_communicator_client.so_ZN4Poco9SharedPtrIN3msc12communicator4util20ScopedSSLInitializerENS_16ReferenceCounterENS_13ReleasePolicyIS4_EEEaSEP S4_+0xc8(100c72a78, 0, ffffffff7fffd808, ffffffff7fffd8d0, ffffffff7fffd8d0, ffffffff2e114598) libmsc_communicator_client.so_ZN3msc12communicator6client23CommunicatorClientProxy15UnInitializeSSLEv+0x1a4(100c72a30, 0, ffffffff7fffd998,
ffffffff7fffdd68, ffffffff7fffdd68, ffffffff2e114598)
libmsc_communicator_client.so_ZN3msc12communicator6client23CommunicatorClientProxy4StopEv+0xc74(100c72a30, 100a07b38, ffffffff7bc2eb80, 1006c2e44 , ffffffff7f522a40, ff000000) libmsc_communicator_client.so_ZN3msc12communicator6Client4StopEv+0x28(100b83b90, 0, ffffffff7fffe408, ffffffff7fffe588, ffffffff7fffe588,
ffffffff2e114598)
_ZN3msc3opm26ManagerCommunicatorSysMgrG4StopEv+0x1d4(100c72c00, 0, ffffffff7fffe668, ffffffff7fffe9a0, ffffffff7fffe9a0, ffffffff2e114598)
msc_opm_ZN3msc3opm9ServerApp15StopApplicationEv+0x110c(ffffffff7ffff5a8, 6d, 100b839b0, ffffffff2d1956cc, ffffffff7ffff000, ffffffff7fffefa8) libmsc_serverapp.so_ZN3msc9serverapp21BaseServerApplication12uninitializeEv+0x50(ffffffff7ffff5a8, ffffffff7ffff600, 1008f18b0, ffffffff2d1be6e4,
0, 0)
libPocoUtil64.so.95_ZN4Poco4Util11Application3runEv+0x4c(0, 100a0ab80, 100b57360, ffffffff2d2e5220, ffffffff7ffff380, 100b57360) libPocoUtil64.so.95_ZN4Poco4Util17ServerApplication3runEiPPc+0x164(ffffffff7ffff5a8, 6, ffffffff7ffff8c8, 2, ffffffff7ffff8d0, 5)
msc_opm`main+0x38(6, ffffffff7ffff8c8, ffffffff7ffff900, 0, 0, 0)
_start+0x108(0, 0, 0, 0, 0, 100a07a38)
msc_opm:core>

I also try to use SSL client sample from NetSSL_OpenSSL/samples ( HTTPSTimeServer and download)
start download app the coredown problem also happend as follows:

::stack
libcrypto.so.3EVP_PKEY_free+0x80(1001b0c20, 0, ffffffff7fffebbc, ffffffff7da24ba8, 1, 9800) libssl.so.3ssl_cert_free+0x4c(1001b90c0, ffffffff7c893a50, 10, ffffffffffe5b5f0, 0, 1a4800)
libssl.so.3SSL_free+0x1a4(1001ba6f0, 1001babd0, 1d30, 1d68, ffffffff7dc34ab8, ffffffff7ddd63f0) libPocoNetSSL64.so.95_ZN4Poco3Net16SecureSocketImplD1Ev+0x44(1001b04e8, 1001ba6f0, ffffffff7ef5f0e4, ffffffff7f0894f0, 1001b04e8, 0)
libPocoNetSSL64.so.95_ZN4Poco3Net22SecureStreamSocketImplD0Ev+0x2c(1001b04c0, 1, 5, ffffffff7ef5f0e4, ffffffff7f0894f0, 1) libPocoNet64.so.95_ZNK4Poco16RefCountedObject7releaseEv+0x40(1001b04c0, ffffffff7ee923c8, fc0, ffffffff7ee923c8, 1001b8c70, ffffffff7ee923c8)
libPocoNetSSL64.so.95_ZN4Poco3Net18HTTPSClientSessionD0Ev+4(1001b8c70, 1, 100005d80, ffffffff7ed13e74, ffffffff7f344608, 0) libPocoNet64.so.95_ZN4Poco3Net18HTTPResponseStreamD1Ev+0x28(1001d1d00, ffffffff7ee93938, 1, 1001d1d00, 0, 1)
libPocoNet64.so.95`_ZN4Poco3Net18HTTPResponseStreamD0Ev+4(1001d1d00, 1, ffffffff7ffff2f0, ffffffff7ffff2f0, ffffffff7ffff2f0, 1001d1d58)
_ZNSt10unique_ptrISiSt14default_deleteISiEED1Ev+0xb0(ffffffff7ffff2f0, 100108a40, 2000, 0, dd, ffffffff7ffff2f8)
main+0x888(2, ffffffff7ffff618, ffffffff7ffff630, ffffffff7b1065c0, 2880, 2800)
_start+0x108(0, 0, 0, 0, 0, 100107000)

relevant environment information:
OS Type and Version: Solaris 11.3 SPARC

POCO Version: 1.12.5.p1 (issue occurs), 1.11.8 (works fine)

Third-party product type and version: OpenSSL 3.0.12

Additional context

Issue is Solaris-specific - same configuration works on Windows and RedHat

Crash occurs only during application shutdown, not during normal operation

Appears to be a race condition between thread cleanup and OpenSSL 3.x resource destruction

Solaris's strict lock validation in rw_read_held() detects invalid lock state during concurrent cleanup

Workaround: Use Poco 1.11.8, but we need to upgrade for security patches and new features

Questions for maintainers

What is the recommended approach to fix this SSL context destruction issue with OpenSSL 3.x on Solaris?

Are there specific patches or configuration changes we should apply to Poco's SSL management?

Should we modify the SSL cleanup sequence in Poco::Net::Context to avoid the race condition?

Are there known workarounds besides downgrading to Poco 1.11.8?