1274811 - TLS 1.3: Server cert is unavailable in GetClientAuthData callbacks

Status: RESOLVED FIXED

(NSS :: Libraries, defect)

Description

[Masatoshi Kimura [:emk]]

Client auth will always fail if TLS 1.3 is negotiated. I found this when I tried to enable TLS 1.3 in an xpcshell-test (test_tls_server.js).

nsNSS_SSLGetClientAuthData (the PSM GetClientAuthData callback) assumes that SSL_PeerCertificate will always get a server certificate. This assumption was valid as of TLS 1.2 because the server had to send the Certificate message before the Certificate Request message.

But TlS 1.3 has changed the message order. The server will send the Certificate Request message before the Certificate message, so the server cert will be unavailable in the GetClientAuthData callback.

Is this change expected as a libssl contract? Will applications have to deal with this change on their own? If the answer is "yes", I'll morph this to a PSM bug.

Comment 1

[Martin Thomson [:mt:]]

Yes, this is an NSS bug.  This should be relatively easy to fix.

Comment 2

[Martin Thomson [:mt:]]

Attachment: bug1274811-1.patch

http://codereview.appspot.com/294610043

Comment 3

[Masatoshi Kimura [:emk]]

Any progress? WebRTC is going to enable TLS 1.3. (bug 1284103)

Comment 4

[Eric Rescorla (:ekr)]

The WebRTC code doesn't invoke SSL_PeerCertificate()

Comment 5

[Martin Thomson [:mt:]]

I updated the patch; it should be good to land in NSS 3.2, but I'd like ekr to double-check it first.  As ekr notes, we don't need this immediately.

Comment 6

[Martin Thomson [:mt:]]

https://hg.mozilla.org/projects/nss/rev/f2a201feca1e