Closed Bug 657236 Opened 13 years ago Closed 6 months ago

Session ticket may not contain enough of the client cert chain to reconstruct it during resumption

Categories

(NSS :: Libraries, defect, P5)

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: briansmith, Unassigned)

References

(Blocks 1 open bug)

Details

The server side of libssl includes the client EE certificate (if there is one), but it doesn't include any intermediaries. That means the server may not be able to reconstruct the client's cert chain in a resumed session. (Whether or not this is useful or necessary depends on the application.)
If the whole client cert chain were to be included in the session ticket, it would be more likely that the session ticket would become too large to fit inside the client hello extension. If/when we fix this bug (and, really, even if we don't), we should make sure that we never try to send a NewSessionTicket message with a session ticket larger than (2^16 - 1) bytes.
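An added illustration of the size guard the report asks for (example code written for this page, not libssl's own ticket code): the client chain is serialized as length-prefixed certificates, and the server refuses to build a ticket that would not fit the 2-byte length field of NewSessionTicket. The chain layout, MAX_TICKET_LEN, and the function names are assumptions, not NSS's real ticket encoding.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* The ticket field of NewSessionTicket carries a 2-byte length prefix, so
 * the ticket itself can never exceed 2^16 - 1 bytes. */
#define MAX_TICKET_LEN 65535u

/* Assumed layout (not libssl's real ticket encoding): after the opaque
 * session state, the chain is a 3-byte-length-prefixed list of certificates,
 * each itself prefixed with a 3-byte length, like the TLS Certificate message. */
static void put_uint24(uint8_t *out, size_t *pos, size_t v) {
    out[(*pos)++] = (uint8_t)(v >> 16);
    out[(*pos)++] = (uint8_t)(v >> 8);
    out[(*pos)++] = (uint8_t)v;
}

/* Bytes the encoded chain (EE plus any intermediates) adds to the ticket. */
size_t chain_encoded_len(const size_t *cert_lens, size_t n) {
    size_t total = 3;                      /* list length prefix */
    for (size_t i = 0; i < n; i++)
        total += 3 + cert_lens[i];         /* per-cert prefix + DER bytes */
    return total;
}

/* Build state || chain into out. Returns the ticket length, or 0 when the
 * result would exceed MAX_TICKET_LEN (or the buffer); the caller must then
 * omit the NewSessionTicket message instead of sending an oversize one. */
size_t build_ticket(uint8_t *out, size_t cap,
                    const uint8_t *state, size_t state_len,
                    const uint8_t *const *certs, const size_t *cert_lens,
                    size_t n) {
    size_t chain_len = chain_encoded_len(cert_lens, n);
    size_t need = state_len + chain_len;
    if (need > MAX_TICKET_LEN || need > cap)
        return 0;                          /* too large: do not issue a ticket */
    memcpy(out, state, state_len);
    size_t pos = state_len;
    put_uint24(out, &pos, chain_len - 3);  /* list length excludes its own prefix */
    for (size_t i = 0; i < n; i++) {
        put_uint24(out, &pos, cert_lens[i]);
        memcpy(out + pos, certs[i], cert_lens[i]);
        pos += cert_lens[i];
    }
    return pos;
}
```

Because the check runs on the computed size before any bytes are written, a chain that is too long is rejected whole rather than truncated to a ticket the server could not later reconstruct.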
Summary: Session ticket may not contain enough of the client cert chain to reconstruct it during resumption → Session ticket and server session cache entries may not contain enough of the client cert chain to reconstruct it during resumption
Summary: Session ticket and server session cache entries may not contain enough of the client cert chain to reconstruct it during resumption → Session ticket may not contain enough of the client cert chain to reconstruct it during resumption
Severity: normal → S3
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → INVALID