0

Ruby 1.8.7-p375 on OS X Sierra. I'm having a problem with a library that talks to a fedex rates SOAP service seg faulting.

~/.rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/gems/httpclient-2.7.2/lib/httpclient/ssl_socket.rb:46: [BUG] Segmentation fault
ruby 1.8.7 (2013-12-22 patchlevel 375) [i686-darwin16.1.0]'

This is a legacy app stuck in Rails 2 / Ruby 1.8.7 and I am running OS X Sierra on my development laptop.

The full call-stack includes a fedex library, soap4r and httpclient, making it very difficult to create a minimal failure case (although I am still trying). Additionally, this ONLY happens in OS X. On Debian - even Debian 8 - I have no problems running this legacy code.

Full stack-trace sans application code:

httpclient (2.7.2) lib/httpclient/ssl_socket.rb:46:in `ssl_connect'
httpclient (2.7.2) lib/httpclient/ssl_socket.rb:24:in `create_socket'
httpclient (2.7.2) lib/httpclient/session.rb:739:in `connect'
~/.rbenv/versions/1.8.7-p375/lib/ruby/1.8/timeout.rb:67:in `timeout'
httpclient (2.7.2) lib/httpclient/session.rb:735:in `connect'
httpclient (2.7.2) lib/httpclient/session.rb:497:in `query'
httpclient (2.7.2) lib/httpclient/session.rb:170:in `query'
httpclient (2.7.2) lib/httpclient.rb:1238:in `do_get_block'
httpclient (2.7.2) lib/httpclient.rb:1021:in `do_request'
httpclient (2.7.2) lib/httpclient.rb:1129:in `protect_keep_alive_disconnected'
httpclient (2.7.2) lib/httpclient.rb:1016:in `do_request'
httpclient (2.7.2) lib/httpclient.rb:858:in `request'
httpclient (2.7.2) lib/httpclient.rb:761:in `post'
~/.rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/gems/soap4r-ng-2.0.3/lib/soap/streamHandler.rb:238:in `send_post'
~/.rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/gems/soap4r-ng-2.0.3/lib/soap/streamHandler.rb:172:in `send'
~/.rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/gems/soap4r-ng-2.0.3/lib/soap/rpc/proxy.rb:187:in `route'
~/.rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/gems/soap4r-ng-2.0.3/lib/soap/rpc/proxy.rb:150:in `call'
~/.rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/gems/soap4r-ng-2.0.3/lib/soap/rpc/driver.rb:152:in `call'
(eval):6:in `getRates'

This is the procedure I used to install Ruby 1.8.7: https://gist.github.com/wmakley/8dfe436dfe345efae3ddf6756f9766b6

I was hoping the OpenSSL 0.9.8 thing would fix this issue, but no dice.

Open to any suggestions! My minimal test code actually works, but I am probably not doing everything necessary to create the same circumstance:

Gemfile:

gem 'httpclient', '~> 2.7.0' # required by soap4r-ng; 2.8 doesn't work in ruby 1.8
gem 'soap4r-ng'

Ruby code:

require 'httpclient'
require 'soap/soap'

client = HTTPClient.new(nil, SOAP::VERSION::FORK_STRING)
client.post(
  'https://gateway.fedex.com:443/web-services',
  LOTS OF XML INCLUDING SECRETS,
  {
    'SOAPAction' => 'getRates',
    'ContentType' => 'text/xml; charset=utf-8'
  }
)
wmakley
  • 1,233
  • 9
  • 18
  • That you got the atrociously ancient 1.8.7 working on your computer is remarkable. That it doesn't work properly is not surprising. That version hasn't been supported for years. It's not recommended you use it for anything, there are a number of vulnerabilities in it that have never been patched. I can barely get it working on an older distribution of Linux running in a Vagrant virtual machine. Likewise, Rails 2 is wickedly out of date and you're living on borrowed time if you haven't patched it. – tadman Nov 22 '16 at 22:55
  • Thank you I considered adding an essay about why that isn't option and yes I know the dire security situation, but felt that it distracted from simply asking the question. Long and short of it is the site will be replaced with a different platform rather than custom ruby code, the client doesn't have $$$ to upgrade thousands of lines of legacy code. (It has over a dozen old and complex Rails 2 engines that were originally built in Rails 1.2.6 and carried all those old assumptions forward, which won't upgrade easily.) – wmakley Nov 23 '16 at 00:31
  • Hope they're spending money on lots and lots of liability insurance instead. Rails 2 has some super, super bad vulnerabilities so I hope that site isn't public. There's no way to fix this problem. It's not even a consideration for the core team to keep up with current versions of macOS plus the modern SSL library. Create a VM with a historical version if you *must* work with this code. – tadman Nov 23 '16 at 02:34
  • 1
    It uses https://railslts.com/ – wmakley Nov 23 '16 at 16:01
  • At least you've got that. Maybe they can help with your 1.8.7 problem. – tadman Nov 23 '16 at 20:26

0 Answers0