Closed Bug 1580272 Opened 6 years ago Closed 6 years ago

When running tests, ssl external cache is cleared

Categories

(Core :: Security: PSM, defect, P2)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla71
Tracking Flags:
Tracking Status
firefox71 --- fixed

People

(Reporter: kershaw, Assigned: kershaw)

Details

Attachments

(1 file)

Bug 1580272 - Remove unnecessary call to proxyStartSSL
47 bytes, text/x-phabricator-request
Details | Review

I found this problem when I tried to run this test with turning network.ssl_tokens_cache_enabled on.
We set the resumption token at here, but the session id is cleared in head_psm.js by calling proxyStartSSL.
Since we got a null session if in ssl3_SendClientHello, we can't resume the session successfully.

Seems like maybe NSS is not treating the external cache like the internal cache? Or maybe I'm misunderstanding what this bug is.

Assignee: nobody → nobody
Component: Security: PSM → Libraries
Product: Core → NSS
QA Contact: jjones
Version: unspecified → other

NSS clears the cache no matter it's internal or external in ssl_ResetSecurityInfo, which is triggered by calling proxyStartSSL.
I think the problem is why do we have to call sslSocketControl.proxyStartSSL() at here? Could we remove it or move it to somewhere else?

Assignee: nobody → kjacobs.bugzilla
Status: NEW → ASSIGNED
Priority: -- → P2

proxyStartSSL is how we start the TLS handshake. Maybe driveHandshake would work? In any case, I'm still confused why the test would work with the NSS cache but not work with the external cache.

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #3)

proxyStartSSL is how we start the TLS handshake. Maybe driveHandshake would work? In any case, I'm still confused why the test would work with the NSS cache but not work with the external cache.

Because the sid is assigned at here, which is happened after proxyStartSSL. If we use external cache, sid is assigned before proxyStartSSL, so it will be cleared.

FWIW, all unit tests under security/manager/ssl/tests are passed without proxyStartSSL. Maybe we can just remove these lines.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=496f5285b4f700bb7584cf02099178018ca7f6b6&selectedJob=267274402

Huh - ok. Maybe those lines were never necessary.

Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: jjones
Version: other → unspecified

Kershaw - it sounds like you have a patch with the fix we'll need (removing the call to proxyStartSSL) - do you want to post that and I can review it?

Flags: needinfo?(kershaw)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #6)

Kershaw - it sounds like you have a patch with the fix we'll need (removing the call to proxyStartSSL) - do you want to post that and I can review it?

Sure. I can do this.

Kevin, I am sorry for stealing this bug from you. Feel free to take this back if you have another approach.

Assignee: kjacobs.bugzilla → kershaw
Flags: needinfo?(kershaw)
Pushed by kjang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/aad903e8e61e Remove unnecessary call to proxyStartSSL r=keeler

https://hg.mozilla.org/mozilla-central/rev/aad903e8e61e

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox71: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: