Open Bug 1170481 Opened 9 years ago Updated 5 months ago

assertion failure in ssl3_config_match_init if server lacks certificate of required type

Categories

(NSS :: Libraries, defect, P5)

3.19

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned, NeedInfo)

Details

If a TLS connection requires a certificate that the server doesn't have,
this error should be handled gracefully.

Currently we run into an assertion failure and crash in debug builds.

Using the NSS test suite output, this can be reproduced using the server and client directories and running selfserv and tstclnt from those directories.

selfserv -D -p 7443 -d dbm:server -w nss -e localhost.localdomain-ec -c :C013 -V ssl3:tls1.2 -v

tstclnt -p 7443 -d dbm:client -h localhost.localdomain -w nss -c :C013 -V ssl3:tls1.2 -f -v < ../../../nss/tests/ssl/sslreq.dat

:C013 is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

selfserv crashes with:

Assertion failure: numPresent > 0 || numEnabled == 0, at ssl3con.c:814
Severity: normal → S3

Dennis, can you please confirm the Priority and Severity on this bug?

Severity: S3 → S4
Flags: needinfo?(djackson)
Priority: -- → P5