Closed Bug 126300 Opened 23 years ago Closed 23 years ago

Errors in SSL server test on NT

Categories

(NSS :: Libraries, defect, P1)

x86
Windows 2000
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: julien.pierre, Assigned: wtc)

Details

Besides the MD5 digest error, my weekend stress test of NSS3.4 with NES6 encountered the following errors : [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): Error receiving connection (SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE - Unspecified failure while processing SSL Client Key Exchange handshake.) 
[18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) 
SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET 
/, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:29] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:30] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:30] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:30] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:30] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:30] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:30] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer 
[18/Feb/2002:05:15:30] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:30] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:31] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:32] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:32] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:32] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:33] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:33] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:15:33] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer [18/Feb/2002:05:37:35] failure ( 2180): Error receiving connection (SSL_ERROR_SHA_DIGEST_FAILURE - SHA-1 digest function failed.) [
Priority: -- → P1
Target Milestone: --- → 3.4
Did these error messages come from the client? or from the server? Did they come from a process that had run out of memory?
These messages were in the server's error log. The server eventually did run out of memory - this is the one that grew to 800 MB. I don't know what the process size was at the time the messages were reported.
I now have an NES server on Solaris running 3.4 in the state where it's doing the MD5 error on every connection. It seems to have leaked memory (about 20 MB in a 12 hour run) but it's still up and running debug bits. I'm going to take a look at it by attaching with dbx.
OK, this bug wasn't about the MD5 error. So ignore the last comment. The other errors my Solaris server got are:
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:59:03] failure (12079): Error receiving connection (SSL_ERROR_SHA_DIGEST_FAILURE - SHA-1 digest function failed.)
[19/Feb/2002:07:59:03] failure (12079): Error receiving connection (SSL_ERROR_SHA_DIGEST_FAILURE - SHA-1 digest function failed.)
The message "unable to map error number -12192" must be a message from the web server, and it suggests that the web server's list of error strings needs to be updated. According to nss/cmd/lib/SSLerrs.h this error SSL_ERROR_DECRYPT_ERROR_ALERT means "Peer reports failure of signature verification or key exchange." Were any other errors logged? Did the client log any errors related to these?
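An added example, not code from this bug, from NSS or from the web server: it tallies server error-log lines in the format quoted above by error name and resolves "unable to map error number" entries itself. The range bases are the ones in NSS's sslerr.h and secerr.h; the names `resolve` and `tally`, the two-entry `KNOWN` table (only the codes named on this page) and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# NSS error ranges (sslerr.h / secerr.h): each is a base plus an offset below 1000.
SSL_ERROR_BASE = -0x3000   # -12288
SEC_ERROR_BASE = -0x2000   # -8192
# Only the two codes named on this page; extend from SSLerrs.h / SECerrs.h.
KNOWN = {-8179: "SEC_ERROR_UNKNOWN_ISSUER", -12192: "SSL_ERROR_DECRYPT_ERROR_ALERT"}

LINE = re.compile(r"\[(?P<ts>[^\]]+)\]\s+failure\s+\(\s*(?P<pid>\d+)\):\s+(?P<msg>.*)")
SYMBOL = re.compile(r"\b((?:SSL|SEC)_ERROR_[A-Z0-9_]+)\b")
UNMAPPED = re.compile(r"unable to map error number (-\d+)")

def resolve(code):
    """Name a numeric NSS error, or at least report which range it falls in."""
    if code in KNOWN:
        return KNOWN[code]
    for prefix, base in (("SSL", SSL_ERROR_BASE), ("SEC", SEC_ERROR_BASE)):
        if base <= code < base + 1000:
            return f"{prefix}_ERROR_BASE+{code - base}"
    return f"unknown({code})"

def tally(log_text):
    """Count failures per error name across server error-log lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a failure line in the expected format
        msg = m.group("msg")
        sym, num = SYMBOL.search(msg), UNMAPPED.search(msg)
        if sym:
            counts[sym.group(1)] += 1
        elif num:
            counts[resolve(int(num.group(1)))] += 1
        else:
            counts["unclassified"] += 1
    return counts

# Constructed sample in the format of the log lines quoted in this bug.
SAMPLE = """\
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:25:48] failure (12079): Error receiving connection (unable to map error number -12192)
[19/Feb/2002:07:59:03] failure (12079): Error receiving connection (SSL_ERROR_SHA_DIGEST_FAILURE - SHA-1 digest function failed.)
[18/Feb/2002:05:15:28] failure ( 2180): for host 10.169.28.28 trying to GET /, Client-Auth reports: Error completing handshake: (-8179) SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer
"""

if __name__ == "__main__":
    for name, n in tally(SAMPLE).most_common():
        print(f"{n:5d}  {name}")
```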
I'll file a bug against web server for that missing error. The client doesn't maintain a log, so I don't know. I didn't pipe its output to a file. Besides these errors and the MD5 errors, there weren't any other errors in this test reported on the server side.
FYI, in the second run of the server, for which I posted log errors above, client auth was disabled, so there were no client auth errors reported.
I still have to rerun a Win2K test in order to verify this bug. I haven't checked NT since the MD5 problem and memory leak got fixed.
Summary: Errors in SSL server test → Errors in SSL server test on NT
I ran an overnight test with double handshake client auth. I didn't see any error on the server side. There was also no memory growth. However, the performance was extremely slow. Only 94938 were done in a 15 hour time period. Closing this bug as there were no errors.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Marking verified.