Closed Bug 1547860 Opened 2 years ago Closed 2 years ago

netwerk/test/unit/test_tls_server.js fails with NSS 56826bedabba

Categories

(Core :: Security: PSM, defect, P1)

68 Branch
defect

Tracking

()

RESOLVED FIXED
mozilla68
Tracking Status
firefox-esr60 --- unaffected
firefox67 --- unaffected
firefox68 --- fixed

People

(Reporter: jcj, Assigned: jcj)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Bisecting shows something from Bug 1532312 broke this test. I haven't determined yet whether the test needs to be updated, or whether there's a problem with the patchset from that bug.

Blocks: 1539227
Regressed by: 1532312
No longer regressed by: 1539227

Daiki,

Any off-the-top-of-your-head thoughts about how netwerk/test/unit/test_tls_server.js's new failure might be related to Bug 1532312? It looks like some things with NSS-as-a-server changed, but I haven't yet been able to dig into it, just getting back from PTO. I'll do more analysis tomorrow if you don't have immediate ideas.

Flags: needinfo?(dueno)

eb03936b42bb51d1e96acc73ac25a3b2501090b9 passes.
ef0974cfd1defe7512c8978095edd81e86e8b1d8 fails.

I'm currently suspecting 15905cd1cab9c8460b245f19134043b5217e0e8b.

15905cd1cab9c8460b245f19134043b5217e0e8b fails. Since that's the first patch that modifies non-test code past eb03936b42bb51d1e96acc73ac25a3b2501090b9, it must be part of the answer, though that doesn't prove whether the fault is in NSS or the Firefox test.

(In reply to J.C. Jones [:jcj] (he/him) from comment #4)

15905cd1cab9c8460b245f19134043b5217e0e8b fails. Since that's the first patch that modifies non-test code past eb03936b42bb51d1e96acc73ac25a3b2501090b9, it must be part of the answer, though that doesn't prove whether the fault is in NSS or the Firefox test.

Thank you for looking into it. Indeed that commit changed the behavior in NSS server: previously the server sent a "bad_certificate" alert instead of "certificate_required" when a client certificate is required by the server but not provided by the client.

It seems the Firefox test relies on the alert description "bad_certificate", so I guess it needs to be updated to expect "certificate_required".

Flags: needinfo?(dueno)
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/54d6029f69a5
Update test_tls_server to use TLS 1.3 client cert alert logic r=keeler
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
You need to log in before you can comment on or make changes to this bug.