Bug 1474875: Typo in policy handling for DTLS-VERSION-MAX
Status: RESOLVED FIXED (opened 6 years ago, closed 6 years ago)
Categories: NSS :: Libraries, enhancement
Tracking: Not tracked
Target milestone: 3.39
People: Reporter: KaiE, Assigned: KaiE
Attachments: 1 file (patch, 1.10 KB; ueno: review+)
This commit https://hg.mozilla.org/projects/nss/rev/0d419662b42d from bug 1009429 contains the following incorrect line:

    {CIPHER_NAME("DTLS-VERSION-MAX"), NSS_DTLS_VERSION_MIN_POLICY}

It should be:

    {CIPHER_NAME("DTLS-VERSION-MAX"), NSS_DTLS_VERSION_MAX_POLICY}

It means the policy configuration for DTLS currently isn't working.
Comment 1 • 6 years ago (Assignee)
Assignee: nobody → kaie
Attachment #8991300 - Flags: review?(dueno)
Comment 2 • 6 years ago
Comment on attachment 8991300 (1474875-v1.patch)

Sure, looks good to me.
Attachment #8991300 - Flags: review?(dueno) → review+
Comment 3 • 6 years ago
By the way, it would be nice if this is covered by the tests.
Comment 4 • 6 years ago (Assignee)
(In reply to Daiki Ueno [:ueno] from comment #3)
> By the way, it would be nice if this is covered by the tests.

Agreed, but I currently don't see an easy way to do so. The NSS test tools don't support DTLS, so we probably cannot use tstclnt like it's done for the other sslpolicy.txt tests. I suggest implementing a test as part of bug 1474887. For example, we would be able to test that a configuration with {min=tls1.2, max=tls1.0} indeed produces an invalid configuration.
Comment 5 • 6 years ago (Assignee)
https://hg.mozilla.org/projects/nss/rev/53c2ee896c57
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.39
Comment 6 • 6 years ago
The NSS test tools do support DTLS.
1. We have extensive gtests
2. tstclnt supports DTLS as well, and there's even a test: https://searchfox.org/nss/source/tests/ssl/ssl.sh#1084
Please add some kind of test here.
Comment 7 • 6 years ago (Assignee)
Thanks for the pointer!
Comment 8 • 6 years ago (Assignee)
I've checked in new policy tests as part of bug 1474887. When reverting to the broken handling for DTLS-VERSION-MAX, the new test reports an error.
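
The typo discussed in this bug, and a regression check that catches it, modelled as an added example; this is not NSS code and not the test checked in for bug 1474887. The `opt_def` type, the function names, the enum stand-ins and the version values 10 and 12 are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for the NSS policy option ids; the values are constructed. */
enum { DTLS_VERSION_MIN_POLICY, DTLS_VERSION_MAX_POLICY, POLICY_COUNT };

typedef struct { const char *name; int option; } opt_def;

/* Table as described in the report: the MAX name bound to the MIN option. */
static const opt_def buggy_table[] = {
    { "DTLS-VERSION-MIN", DTLS_VERSION_MIN_POLICY },
    { "DTLS-VERSION-MAX", DTLS_VERSION_MIN_POLICY },
};
/* Table after the fix. */
static const opt_def fixed_table[] = {
    { "DTLS-VERSION-MIN", DTLS_VERSION_MIN_POLICY },
    { "DTLS-VERSION-MAX", DTLS_VERSION_MAX_POLICY },
};

/* Store value in the slot that `name` maps to; 0 on success, -1 if unknown. */
static int apply_setting(const opt_def *t, size_t n, const char *name,
                         int value, int policy[POLICY_COUNT])
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(t[i].name, name) == 0) {
            policy[t[i].option] = value;
            return 0;
        }
    }
    return -1;
}

/* Table lint: count pairs of distinct names that write to the same option. */
static int count_aliased_options(const opt_def *t, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (t[i].option == t[j].option && strcmp(t[i].name, t[j].name) != 0)
                hits++;
    return hits;
}

/* Regression check: configure min and max, then verify both slots. */
static int max_policy_takes_effect(const opt_def *t, size_t n)
{
    int policy[POLICY_COUNT] = { -1, -1 };  /* -1 = never configured */
    if (apply_setting(t, n, "DTLS-VERSION-MIN", 10, policy) != 0) return 0;
    if (apply_setting(t, n, "DTLS-VERSION-MAX", 12, policy) != 0) return 0;
    return policy[DTLS_VERSION_MIN_POLICY] == 10 &&
           policy[DTLS_VERSION_MAX_POLICY] == 12;
}
```

With the buggy table the configured maximum overwrites the minimum slot and the maximum slot is never set, so the check fails without any parse error being raised.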