
OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE is not shareable across ractors

Open HoneyryderChuck opened this issue 3 years ago • 2 comments

I'm working on ractor-safety in the http library I maintain, and I just got this error when performing an https request:

code looks like:

ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params(ctx_options)
#=> `set_params': can not access non-shareable objects in constant OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE by non-main ractor. (Ractor::IsolationError)

I've seen that OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE is not frozen. I'm not sure if there's a reason for it. However, even after I freeze it, it's not shareable:

irb(main):005:0> c = OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
=> #<OpenSSL::X509::Store:0x0000000108213b90 @chain=nil, @error=nil, @error_string=nil, @time=nil, @verify_callback=nil>
irb(main):006:0> c.frozen?
=> false
irb(main):008:0> c.freeze
=> #<OpenSSL::X509::Store:0x0000000108213b90 @chain=nil, @error=nil, @error_string=nil, @time=nil, @verify_callback=nil>
irb(main):009:0> c.frozen?
=> true
irb(main):010:0> Ractor.shareable?(c)
=> false

HoneyryderChuck, Jun 28 '22 22:06

> even after I freeze it, it's not shareable:

The direct cause is that OpenSSL::X509::Store doesn't have the RUBY_TYPED_FROZEN_SHAREABLE flag set. X509_STORE appears to be safe to share across threads.

Actually, OpenSSL::SSL::SSLContext/SSL_CTX should also be shareable.

rhenium, Sep 08 '22 06:09
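
An added example, not from this thread or the openssl gem: an audit helper that lists the constants in a namespace that a non-main Ractor cannot read, separating plainly mutable values from frozen-but-unshareable ones like the frozen store shown above. `unshareable_constants` and `SampleTLSConfig` are hypothetical names, and the sample module is constructed for illustration.

```ruby
# Added example: audit a namespace for constants a non-main Ractor cannot read.
# unshareable_constants and SampleTLSConfig are hypothetical names.

# Returns sorted [constant_path, reason] pairs for every constant under +mod+
# whose value fails Ractor.shareable?. Reading such a constant from a non-main
# Ractor raises Ractor::IsolationError, as in the report above.
def unshareable_constants(mod, seen = {})
  return [] if seen[mod]
  seen[mod] = true
  mod.constants(false).flat_map do |name|
    next [] if mod.autoload?(name) # do not trigger autoloads during an audit
    value = mod.const_get(name, false)
    if value.is_a?(Module)
      # Classes and modules are shareable themselves; descend only into
      # namespaces nested under +mod+ so we never wander into other libraries.
      nested = value.name.to_s.start_with?("#{mod.name}::")
      nested ? unshareable_constants(value, seen) : []
    elsif Ractor.shareable?(value)
      []
    else
      # A frozen object can still be unshareable: it may reference mutable
      # objects, or be a C-backed object whose type is not marked shareable.
      reason = value.frozen? ? :frozen_but_unshareable : :mutable
      [["#{mod.name}::#{name}", reason]]
    end
  end.sort
end

# Constructed sample standing in for a library's TLS defaults.
module SampleTLSConfig
  MIN_VERSION = :TLS1_2                                            # shareable
  PARAMS      = Ractor.make_shareable({ verify_hostname: true })   # deep-frozen
  CIPHERS     = [String.new("ECDHE-RSA-AES128-GCM-SHA256")].freeze # inner String is mutable
  CA_PATHS    = []                                                 # mutable
end

unshareable_constants(SampleTLSConfig).each { |path, why| puts "#{path}: #{why}" }

# The same audit against the class from this issue; results depend on the
# installed openssl gem version, so they are printed rather than assumed.
begin
  require "openssl"
  unshareable_constants(OpenSSL::SSL::SSLContext).each { |path, why| puts "#{path}: #{why}" }
rescue LoadError
  warn "openssl not available; skipped"
end
```

Running the helper in a library's test suite surfaces this class of failure before any code path executes inside a Ractor.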