Closed
Bug 222726
Opened 22 years ago
Closed 20 years ago
SSL_NO_CACHE option should obviate server cache
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: nelson, Assigned: nelson)
Details
Attachments
(2 files, 1 obsolete file)
|
4.93 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
|
6.56 KB,
patch
|
Details | Diff | Splinter Review |
When the SSL_NO_CACHE option has been set on an SSL server socket, there
should be NO calls to any SSL server cache functions made by the SSL library
in the context of that server socket, or any of its progency sockets.
It should not be necessary to configure the SSL server cache when the sockets
have been configured to not use the cache.
But in practice, SSL server calls are made, even when noCache is set.
This should be fixed for certain tiny SSL servers that do not wish to use
the cache.
|
Assignee | |
Comment 1•22 years ago
|
||
I will look at this this weekend, and try to get this in for 3.8.3.
Status: NEW → ASSIGNED
Priority: -- → P2
Summary: SSL_NO_CACHE option should obviate server cache → SSL_NO_CACHE option should obviate server cache
Target Milestone: --- → 3.8.3
|
|
Assignee | |
Comment 2•22 years ago
|
||
This patch adds tests of the noCache flag in several places where they were
missing. It also adds a new -N option to selfserv to test this configuration.
When all the server sockets use the SSL_NO_CACHE option, the server session
cache is not used at all and there is no need to initialize or destroy it.
This patch is for the trunk. I will add a patch for the 3.8 branch shortly.
|
|
Assignee | |
Updated•22 years ago
|
Attachment #133608 -
Flags: review?(wchang0222)
|
||
Comment 3•22 years ago
|
||
Comment on attachment 133608 [details] [diff] [review]
patch v1 for trunk
r=wtc.
Attachment #133608 -
Flags: review?(wchang0222) → review+
|
|
||
Comment 4•22 years ago
|
||
Comment on attachment 133608 [details] [diff] [review]
patch v1 for trunk
Although I've reviewed this patch, I'd like to suggest two
changes.
1. lib/ssl/ssl3con.c
>- } else {
>+ } else if (!ss->noCache) {
> /* server. */
We should update the comment to say "server with session ID cache"
to match the new code.
2. cmd/selfserv/selfserv.c
>+ if (!NoReuse || maxProcs > 1 || envString) {
>+ SSL_ShutdownServerSessionIDCache();
>+ }
How about adding a Boolean local variable "hasSidCache",
set it to true after SSL_InheritMPServerSIDCache,
SSL_ConfigMPServerSIDCache, or SSL_ConfigServerSessionIDCache
is called, and call SSL_ShutdownServerSessionIDCache if
it is true?
|
|
Assignee | |
Comment 5•22 years ago
|
||
This is essentially the same patch, but for the NSS 3.8 branch.
|
|
||
Comment 7•22 years ago
|
||
Comment on attachment 133611 [details] [diff] [review]
patch for NSS 3.8 branch
r=wtc.
Attachment #133611 -
Flags: review+
|
|
Assignee | |
Comment 8•22 years ago
|
||
Patch for trunk is similar.
Attachment #133611 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 9•22 years ago
|
||
Marking fixed.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
|
|
||
Comment 10•22 years ago
|
||
Comment on attachment 133619 [details] [diff] [review]
patch as checked in on NSS 3.8 branch
I just wanted to point out that this patch also
contains an earlier change to ssl3con.c, made in
rev. 1.53.2.1 (NSS 3.8.1) for bug 202348.
|
|
Assignee | |
Comment 11•21 years ago
|
||
I am reopening this bug because it isn't compmletely fixed.
There are still cases where you get a null cache crash if you don't
initialize the cache. This can be demonstrated with selfserv.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 12•21 years ago
|
||
Bug 237724 records the remaining problem that occurs when the cache is
not initialized. So, I am returning this bug to the resolved/fixed
status.
Status: REOPENED → RESOLVED
Closed: 22 years ago → 21 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•21 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 13•21 years ago
|
||
This bug and Bug 237724 are very similar, but not quite identical.
They may have a common cause.
This bug states that when all SSL sockets have SSL_NO_CACHE set,
then it should not be necessary to initialize the SSL server session
cache. However, selfserv -N is enough to demonstrate that this is not so.
Bug 237724 states that a server crashes when the SSL server session cache
is not initialized, and SSL_NO_CACHE is NOT SET on the ssl sockets.
That case should fail, and is due to an application programming error.
The only issue there is that perhaps it should not crash.
I am changing the target milestone of this bug from 3.8.3 to 3.10,
since it was not really completely fixed in NSS 3.8.3. :-(
Target Milestone: 3.8.3 → 3.10
|
|
Assignee | |
Comment 14•20 years ago
|
||
I am marking this bug fixed again. It was marked fixed once before.
Since fixing bug 237724, I cannot reproduce this crash, and so I
believe it is (again) fixed in NSS 3.10.
Status: REOPENED → RESOLVED
Closed: 21 years ago → 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•