The web server test suite includes many client auth tests, with valid and invalid certs, expired, unexpired, etc. The server's certificate database contains a CA cert which is marked as trusted. Using the monday 1/14/2002 build of NSS, all the client auth tests (as well as the rest of the server test suite) pass. Using 1/16/2002, it no longer passes. The server log contains many SEC_ERROR_UNTRUSTED_ISSUER errors. The certificate database file used is the exact same, but the error only occurs with the 1/16 version of NSS. This is a regression in our code.
Ian, could you take a look at this? Thanks.
Assignee: wtc → ian.mcgreer
Whiteboard: Add new test
Target Milestone: --- → 3.4
Everything has been hosed since Monday, when the changes to the DER encoder went in. I believe everything is fixed now. Please try the 1/17/01 builds.
Would it be possible for you to package up both the client's and server's databases and send them to me (along with the passwords)? The extended SSL tests should reproduce this situation. That is, they test the ability for a client to do client auth to a server, where the server has the client's CA trusted (and vice-versa). The chains for the client and server certs have a path length of 3. Since those tests pass, I'm not sure how to reproduce this.
Ian, today's build passed the web server's test suite.
marking fixed then
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.