JSS CipherSuite SSLServer talking to JSSE SSLClient test broken

RESOLVED FIXED in 3.11

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: glen beasley, Assigned: glen beasley)

Tracking

3.11
3.11
Sun
Solaris

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

13 years ago
The JSS CipherSuite SSLServer talking to JSSE SSLClient test was broken

============ Start JSS server tests
============= Start JSSE client tests
main: jss library loaded

Using java version 1.4.2_09

Testing TLS Cipher list ...
***FilePasswordCallback returns netscape
Testing SSLv3 Cipher list ...
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  SIGSEGV (0xb) at pc=0xfbf9a77c, pid=6095, tid=1
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_09-b05 mixed mode)
# Problematic frame:
# C  [libssl3.so+0xa77c]
#
# An error report file with more information is saved as hs_err_pid6095.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#
(Assignee)

Comment 1

13 years ago
Created attachment 197654 [details] [diff] [review]
check to see if the sslServerCerts structure has been initialized

The macro svrAuth->SERVERKEY is defined as
sslimpl.h:#define SERVERKEY serverKeyPair->privKey
so first check if svrAuth->serverKeyPair is not NULL.
Attachment #197654 - Flags: superreview?(nelson)
Comment on attachment 197654 [details] [diff] [review]
check to see if the sslServerCerts structure has been initialized

The crash occurs when the server socket has not been configured with a cert and
private key.  This patch will eliminate the crash, but the server still will
not work correctly until it has been fixed to properly configure the socket
with the server cert and private key.
Attachment #197654 - Flags: superreview?(nelson) → review+
Checking in ssl3con.c;  new revision: 1.75; previous revision: 1.74

Christophe, This bugfix is required for 3.11 Beta 1.
If the nightly builds started before the time of this checkin, 
they will have to be redone.  
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.11
(Assignee)

Comment 4

13 years ago
responding to comment 2 

The JSS server was configured with a cert and private key, the problem is the 
JSS server program tries to incorrectly enable the NSS client only DH and DHE
ciphers for the created server socket. 

I'll create a separate bug to fix the JSS test code. 




Priority: P1 → --
Target Milestone: 3.11 → ---

Updated

13 years ago
Priority: -- → P1
Target Milestone: --- → 3.11
I wrote: "The crash occurs when the server socket has not been configured 
with a cert and private key."  I should have added, "of the type required
by one one of the enabled cipher suites."  

So, if you enabled a DSA cipher suite, but haven't configured the SSL server 
socket with a DSA cert and DSA private key, then this crash will occur, even 
if you do have an RSA cert and RSA private key configured.  Hope that helps.
You need to log in before you can comment on or make changes to this bug.