Created attachment 23017 [details] fix ab segfaults because it does a double free(). We got this bug report for Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495982 Ryan Niebur created the attached patch that fixes the issue.
Reproduced on trunk. Interestingly, I could not reproduce with a local server and a self-signed certificate, but using the URL from the original Debian bug report did trigger the seg fault. Applied the fix, the seg fault went away. Verified the doc for SSL_get_peer_cert_chain does say the reference count is not incremented, implying we must not free it. Fix applied to trunk, r818204
fixed in 2.4.1