Closed Bug 166622 Opened 22 years ago Closed 22 years ago

SSL cipher coverage test fails in backward compatibility testing

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wtc, Assigned: rrelyea)

Details

Attachments

(3 files)

results.html 20020904.1
3.97 KB, text/html
Details
output.log 20020904.1
13.00 KB, text/plain
Details
Keydb shouldn't use blob code.
1.49 KB, patch
wtc
: review+
Details | Diff | Splinter Review 
Today's daily build fails all SSL cipher coverage tests
in the backward compatibility testing on all platforms.

Three typical errors are:

tstclnt: write to SSL socket failed: SSL received a record with an incorrect
Message Authentication Code.
selfserv: HDX PR_Read returned error -5961:
TCP connection reset by peer.

selfserv: HDX PR_Read returned error -12273:
SSL received a record with an incorrect Message Authentication Code.
tstclnt: write to SSL socket failed: SSL peer reports incorrect Message
Authentication Code.

selfserv: HDX PR_Read returned error -12264:
SSL received a record with bad block padding.
tstclnt: write to SSL socket failed: SSL peer reports incorrect Message
Authentication Code.

    
    

    
  

      
      
      
      

        Attached file
          
        output.log 20020904.1
      

    


  

    
    

    
  
I have been looking at this this morning. I think this has been happening since
last Friday.

Also, the SSl Cipher Coverage tests section in the regular testing (not BC) also
failed with this error:
9 Fatal - selfserv pid file
/share/builds/sbsrel2/nss/nsstip/builds/20020904.1/spd04_Solaris8/mozilla/tests_results/security/diffie.1/tests_pid.392034
does not exist

Just reporting it here since it looks similar, not verified yet if it is due to
the same cause.


    
    

    
  
Regarding the above comment by me:

The regular tests failed on Diffie, our DEC machine

    
    

    
  
Comment on attachment 97787 [details]
results.html 20020904.1

Changed mime type of attachment to text/html

        Attachment #97787 -
        Attachment mime type: text/plain → text/html

    
    

    
  
I built NSS on the trunk yesterday afternoon, and it passed all.sh on my
NT system.  So, is this perhaps specific to the QA test environment?

    
    

    
  
The daily QA passed on 8/27.

On 8/28, both the regular QA and backward compatibility test failed.
The failures are different from the ones reported in this bug.

On 8/29, regular QA passed but we started to see the backward
compatibility test failures reported in this bug.

Since our daily QA tests the snapshot at the end of the previous
day, this bug should be caused by a checkin on 8/27 or 8/28.

According to the crypto checkins newsgroup, it seems that all
the checkins on 8/27 and 8/28 were made by Bob.  So I am assigning
the bug to Bob.
Assignee: wtc → relyea
Severity: normal → blocker
Priority: -- → P1
Target Milestone: --- → 3.6

    
    

    
  
Nelson,

all.sh just tests the regular tests section, not the BC tests section. The
script 'nssqa' does the full suite of tests, the debug and opt regular tests,
and the debug and opt BC tests.

    
    

    
  
I was incorrect in my earlier statement.  all.sh does test the BC part, but some
environment variables need to be set. However, it gets somewhat cumbersome and
somewhat complicated.

Alternatively, all the right variables are set in the script 'nssqa'. Please
copy the script from /share/builds/sbstools/nsstools/nssqa/tests directory (it
is not the same as the checked in version in cvs) to your workspace tests
directory and run it thus:

./nssqa -y -d -fcron tip 0903 

or

./nssqa -y -d -fcron tip MMDD

This will first execute the debug and opt versions of all.sh, then set the
variables required for the BC testing, then execute the debug and opt BC test
suites.  The results can be viewed in the appropriate day's tests_results
directory, under the machine name.

    
    

    
  


  
The blob code uses certdb records to mark blob records. Certdb has a record
type for each of the records stored in the database. NSS code ignores
unrecognized records in the case of certs.

The key3.db code doesn't have records. The field that the certdb uses for a
record is a salt length. We could hack around the problem by making the blob
magic number quite large (255), under the theory that the record will be seen
as invalid by the key code, but it seems safest to assume we that we don't need
the blob code to handle keys.

    
    

    
  
Comment on attachment 98052 [details] [diff] [review]
Keydb shouldn't use blob code.

r=wtc.

        Attachment #98052 -
        Flags: review+

    
    

    
  
patch fixed the problems.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: