Closed Bug 1339923 Opened 3 years ago Closed 3 years ago
Assertion failure: IS
_DTLS(ss) && (type == content _handshake || type == content _change _cipher _spec), at lib/ssl/ssl3con .c:2800 if ssl3 _Send Record needs to send more than MAX _FRAGMENT _LENGTH
I encountered this while trying to get NSS (as a TLS server) to send a very large stapled OCSP response. Basically, looking at ssl3_SendRecord, if nIn > MAX_FRAGMENT_LENGTH, the loop will happen more than once. The first time around, cwSpec (which was passed in as NULL) gets set to ss->ssl3.cwSpec. The second time around, cwSpec is non-null so the assertion is checked and fails, since this isn't DTLS.
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8837792 - Flags: review?(franziskuskiefer)
Please post this on Phabricator at: https://nss-review.dev.mozaws.net/ Also, please assign the review to me.
Comment on attachment 8837792 [details] [diff] [review] patch Ok - I signed up for an account (it says it's waiting for approval).
If I'm understanding correctly, the patch in comment 4 has been r+'d. Here's a try run: https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=104acddbed7c624a1d844392b25dbbcd3bca08a2 Tim, could you land this for me? Thanks!
Yes, it has, sorry for not being clearer
Landed. Thanks! https://hg.mozilla.org/projects/nss/rev/c1595e741e35
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.30
You need to log in before you can comment on or make changes to this bug.