assertion failure in ssl3_config_match_init if server lacks certificate of required type

NEW
Unassigned

Status

NSS
Libraries
3 years ago
3 years ago

People

(Reporter: kaie, Unassigned)

Tracking

3.19

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
If an TLS connection requires a certificate that the server doesn't have,
this error should be handled gracefully.

Currently we run into an assertion failure and crash in debug builds.

Using the NSS test suite output, this can be reproduced using the server and client directories and running selfserv and tstclnt from those directories.

selfserv -D -p 7443 -d dbm:server -w nss -e localhost.localdomain-ec -c :C013 -V ssl3:tls1.2 -v

tstclnt -p 7443 -d dbm:client -h localhost.localdomain -w nss -c :C013 -V ssl3:tls1.2 -f -v < ../../../nss/tests/ssl/sslreq.dat

:C013 is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

selfserv crashes with:

Assertion failure: numPresent > 0 || numEnabled == 0, at ssl3con.c:814
You need to log in before you can comment on or make changes to this bug.