Closed Bug 1063552 Opened 10 years ago Closed 10 years ago

If a client encounters an unknown CA, the TLS handshake is completed before the fatal unknown_ca alert is sent.

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.16.4
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: bugzilla, Unassigned)

Details

Attachments

(1 file)

sslserver.py
508 bytes, text/plain
Details
Attached file sslserver.py 
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36

Steps to reproduce:

On the server-side:
1. Accept a TLS/HTTPS connection from Firefox.
2. Serve a certificate that is not trusted by the client.
3. Perform an SSL handshake. (conn.do_handshake())


Actual results:

do_handshake() returns without error. 
The TLS unknown_ca alert is sent after the handshake completes: https://github.com/mitmproxy/mitmproxy/issues/301#issuecomment-50237255


Expected results:

The handshake should not be completed, the TLS alert should be sent immediately.
I commented in the mitmproxy thread linked above. This is the normal behavior for asynchronous certificate verification. We will complete the handshake, including sending and receiving the Finished message, before the certificate is verified. But, we won't add the session to the session cache and we won't send application data or process received application data until the certificate verification is finished. (The certificate verification and the handshake race each other, and we wait until they are both done.)
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: