Closed Bug 1261677 Opened 8 years ago Closed 8 years ago

TLS 1.3 resumption fails to carry over peer cert

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox48 affected)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox48 --- affected

People

(Reporter: mt, Assigned: mt)

References

Details

Attachments

(1 file)

bug1261677.patch
4.11 KB, patch
ekr
: review+
Details | Diff | Splinter Review 
This was an issue during integration with Cloudflare.
Attached patch bug1261677.patchSplinter Review 

        Attachment #8737604 -
        Flags: review?(ekr)

    
    

    
  
We need this if we are going to turn TLS 1.3 on in Firefox.  I haven't completely satisfied myself that there isn't something else that we need to carry over, but this is the obvious piece.
Flags: needinfo?(ekr)

    
    

    
  
Comment on attachment 8737604 [details] [diff] [review]
bug1261677.patch

Review of attachment 8737604 [details] [diff] [review]:
-----------------------------------------------------------------

Forgot to hit LGTM.

::: external_tests/ssl_gtest/ssl_loopback_unittest.cc
@@ +981,5 @@
>    SendReceive();
>    CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
>    DataBuffer psk2(c2->extension());
>    ASSERT_GE(psk2.len(), 0UL);
> +  ASSERT_TRUE(!!client_->peer_cert());

Can you add a test that the cipher suite is right on double-resume?

::: lib/ssl/tls13con.c
@@ +1011,5 @@
>          }
>  
>          tls13_RestoreCipherInfo(ss, sid);
>  
> +        ss->ssl3.hs.isResuming = PR_TRUE;

I don't think this does anything in TLS 1.3. I would suggest that we just remove all references in this code.

        Attachment #8737604 -
        Flags: review?(ekr) → review+

    
    

    
  
https://hg.mozilla.org/projects/nss/rev/53601845beb3
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.24

    
    

    
  
This broke the build
https://circleci.com/gh/nss-dev/nss/446?utm_campaign=build-failed&utm_medium=email&utm_source=notification
Status: RESOLVED → REOPENED
Flags: needinfo?(ekr) → needinfo?(martin.thomson)
Resolution: FIXED → ---

    
    

    
  
I had this fix on another branch, might as well bring it forward.

https://hg.mozilla.org/projects/nss/rev/973932c87cc9
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Flags: needinfo?(martin.thomson)
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: