Closed Bug 310368 Opened 19 years ago Closed 19 years ago

remove incorrect configuration in JSS_SSLServer.java

Categories

(JSS Graveyard :: Tests, defect)

Product:
JSS Graveyard
Platform:
Sun
Solaris
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: glenbeasley, Assigned: Sandeep.Konchady)

Details

Attachments

(1 file, 1 obsolete file)

Modified the source as per Alexei's comments
18.71 KB, patch
alvolkov.bgs
: review+
glenbeasley
: superreview+
Details | Diff | Splinter Review 
see bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=310260
Assignee: glen.beasley → Sandeep.Konchady
Status: NEW → ASSIGNED
Target Milestone: --- → 4.1.1
As per Nelson's recommendations I have removed client only (DH and DHE) ciphers from JSS_SSLServer.java and also any references to Fortezza.
Attachment #211407 - Flags: superreview?(glen.beasley)
Attachment #211407 - Flags: review?(alexei.volkov.bugs)
Target Milestone: 4.1.1 → 4.2.3
Comment on attachment 211407 [details] [diff] [review]
In JSS_SSLserver removed cient only and fortezza ciphers.

ClassServer:
* unprotected between threads serverSocket and supportedCiphers variables. 

*Logistic of the function is not quite understood: each time server gets connection it creates a new thread to accept more client connections. At the same time if server successfully read from stream it closes connection with client socket, and start listen for more connections with client. Looks like a bug in program logic to me.

JSS_SSLClient: 
*not quite sure why test force handshake. It should happen when SSLSocket encountered first the bite in a stream. But if forceHandshake is used, we can do better job identifying the completion of handshake by using thread monitors instead of sleep(1000).

* Since forseHandshake is nonblocking, there is race condition created for variable "handshakeCompleted" should be fixed.

*socket.close() was removed. Why?
Attachment #211407 - Flags: review?(alexei.volkov.bugs) → review-
Based on Alexei's comments modified the code with the following changes.

[1] Removed ClassServer.java and added the code to accept() and communicate using JSSE_SSLServer.java
[2] This eliminates ambiguious situation with the logic as well as added thread protection
[3] In JSS_SSLClient removed forceHandshake() which also eliminates race condition
[4] Added socket.close()
Attachment #211407 - Attachment is obsolete: true
Attachment #212166 - Flags: superreview?(glen.beasley)
Attachment #212166 - Flags: review?(alexei.volkov.bugs)
Attachment #211407 - Flags: superreview?(glen.beasley)
Attachment #212166 - Flags: review?(alexei.volkov.bugs) → review+
Comment on attachment 212166 [details] [diff] [review]
Modified the source as per Alexei's comments

some of the lines in 
JSSE_SSLServer go past the 
80 column limit. please fix, but otherwise looks 
good.
Attachment #212166 - Flags: superreview?(glen.beasley) → superreview+
Checking in org/mozilla/jss/tests/GenerateTestCert.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/tests/GenerateTestCert.java,v  <--  GenerateTestCert.java
new revision: 1.5; previous revision: 1.4
done
Checking in org/mozilla/jss/tests/JSSE_SSLServer.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/tests/JSSE_SSLServer.java,v  <--  JSSE_SSLServer.java
new revision: 1.8; previous revision: 1.7
done
Checking in org/mozilla/jss/tests/JSS_SSLClient.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/tests/JSS_SSLClient.java,v  <--  JSS_SSLClient.java
new revision: 1.7; previous revision: 1.6
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: