Closed Bug 120458 Opened 23 years ago Closed 23 years ago

server client auth tests fail with SEC_ERROR_UNTRUSTED_ISSUER

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Platform:
Sun
Solaris
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: julien.pierre, Assigned: bugz)

Details

The web server test suite includes many client auth tests, with valid and
invalid certs, expired, unexpired, etc. The server's certificate database
contains a CA cert which is marked as trusted.

Using the monday 1/14/2002 build of NSS, all the client auth tests (as well as
the rest of the server test suite) pass.
Using 1/16/2002, it no longer passes. The server log contains many 
SEC_ERROR_UNTRUSTED_ISSUER errors. The certificate database file used is the
exact same, but the error only occurs with the 1/16 version of NSS. This is a
regression in our code.
Priority: -- → P1
Ian, could you take a look at this?  Thanks.
Assignee: wtc → ian.mcgreer
Whiteboard: Add new test
Target Milestone: --- → 3.4
Everything has been hosed since Monday, when the changes to the DER encoder went
in.  I believe everything is fixed now.  Please try the 1/17/01 builds.
Would it be possible for you to package up both the client's and server's
databases and send them to me (along with the passwords)?

The extended SSL tests should reproduce this situation.  That is, they test the
ability for a client to do client auth to a server, where the server has the
client's CA trusted (and vice-versa).  The chains for the client and server
certs have a path length of 3.  Since those tests pass, I'm not sure how to
reproduce this.
Ian, today's build passed the web server's test suite.
Whiteboard: Add new test
marking fixed then
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.