Closed Bug 326963 Opened 18 years ago Closed 18 years ago

Interoperability test with apache/mod_ssl: tstclnt produces: assertion failure: secmod_PrivateModuleCount == 0

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Version:
3.11
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.1

People

(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)

Details

Attachments

(4 files)

output of tstclnt with SSLTRACE
86.18 KB, text/plain
Details
ssltap output
18.66 KB, text/plain
Details
mod_ssl log
23.29 KB, text/plain
Details
bug fix
1.27 KB, patch
nelson
: review+
julien.pierre
: superreview+
Details | Diff | Splinter Review 
Getting the assertion when configure server to request client auth for a directory access. Server global zone is configured to request client cert.

See attached files for details.

It looks like one reference is left to sid->localCert after     SSL_ClearSessionCache() function call.

    
    

    
  

      
      
      
      

        Attached file
          
        ssltap output
      

    


  

    
    

    
  

      
      
      
      

        Attached file
          
        mod_ssl log
      

    


  

    
    

    
  

      
      
      
      

        Attached patch
          
          
        bug fixSplinter Review
      

    


  
leaking cert and priv key in case when server sends request for renegotiation regardless the fact that it already has client cert. If such thing happen, ssl library on the client side should dispose not only cert chain but the user cert of the session and its private key that been left from previous session.

        Attachment #211808 -
        Flags: review?(nelson)

    
  
Summary: Interoperability test with apache/mod_sll: tstclnt produces: assertion failure: secmod_PrivateModuleCount == 0 → Interoperability test with apache/mod_ssl: tstclnt produces: assertion failure: secmod_PrivateModuleCount == 0

    
    

    
  
Comment on attachment 211808 [details] [diff] [review]
bug fix

r=nelson.  Good Job.  I'm impressed with how quickly you found that leak.  
I'm asking Julien for SR so that this patch can go into 3.11.1

        Attachment #211808 -
        Flags: superreview?(julien.pierre.bugs)

        Attachment #211808 -
        Flags: review?(nelson)

        Attachment #211808 -
        Flags: review+

    
    

    
  
Nominating for NSS 3.11.1
Priority: -- → P2
Target Milestone: --- → 3.11.1

    
  

        Attachment #211808 -
        Flags: superreview?(julien.pierre.bugs) → superreview+

    
    

    
  
Checking in ssl3con.c: 1.77 -> 1.78
Checking in ssl3con.c NSS_3_11_BRANCH: 1.76.2.1 -> 1.76.2.2

Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: