netwerk/test/unit/test_tls_server.js fails with NSS 56826bedabba

RESOLVED FIXED in Firefox 68

Status

()

defect
P1
normal
RESOLVED FIXED
4 months ago
2 months ago

People

(Reporter: jcj, Assigned: jcj)

Tracking

(Regression, {regression})

68 Branch
mozilla68
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox-esr60 unaffected, firefox67 unaffected, firefox68 fixed)

Details

Attachments

(1 attachment)

Bisecting shows something from Bug 1532312 broke this test. I haven't determined yet whether the test needs to be updated, or whether there's a problem with the patchset from that bug.

Blocks: 1539227
Regressed by: 1532312
No longer regressed by: 1539227

Daiki,

Any off-the-top-of-your-head thoughts about how netwerk/test/unit/test_tls_server.js's new failure might be related to Bug 1532312? It looks like some things with NSS-as-a-server changed, but I haven't yet been able to dig into it, just getting back from PTO. I'll do more analysis tomorrow if you don't have immediate ideas.

Flags: needinfo?(dueno)

eb03936b42bb51d1e96acc73ac25a3b2501090b9 passes.
ef0974cfd1defe7512c8978095edd81e86e8b1d8 fails.

I'm currently suspecting 15905cd1cab9c8460b245f19134043b5217e0e8b.

15905cd1cab9c8460b245f19134043b5217e0e8b fails. Since that's the first patch that modifies non-test code past eb03936b42bb51d1e96acc73ac25a3b2501090b9, it must be part of the answer, though that doesn't prove whether the fault is in NSS or the Firefox test.

(In reply to J.C. Jones [:jcj] (he/him) from comment #4)

15905cd1cab9c8460b245f19134043b5217e0e8b fails. Since that's the first patch that modifies non-test code past eb03936b42bb51d1e96acc73ac25a3b2501090b9, it must be part of the answer, though that doesn't prove whether the fault is in NSS or the Firefox test.

Thank you for looking into it. Indeed that commit changed the behavior in NSS server: previously the server sent a "bad_certificate" alert instead of "certificate_required" when a client certificate is required by the server but not provided by the client.

It seems the Firefox test relies on the alert description "bad_certificate", so I guess it needs to be updated to expect "certificate_required".

Flags: needinfo?(dueno)
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/54d6029f69a5
Update test_tls_server to use TLS 1.3 client cert alert logic r=keeler
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
You need to log in before you can comment on or make changes to this bug.