Closed Bug 330408 Opened 19 years ago Closed 11 years ago

SSLsample server.c sample code is misleading

Categories

(NSS :: Documentation, defect, P2)

Product:
NSS
Component:
Documentation
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: chris.newman, Assigned: nelson)

References

(
URL
)

Details

The SSLsample server.c sample code is misleading to implementers because it calls SSL_ConfigMPServerSIDCache after NSS initialization. A server implementer starting with this sample and adding support for multiple server processes will insert his fork() calls after the SSL_ConfigMPServerSIDCache call and the result won't work. Please move the call to SSL_ConfigMPServerSIDCache to before the PK11_SetPasswordFunc call so implementers won't fall into this trap. I'm aware of at least three cases where server implementers have fallen into this trap and they might have started with this sample code. Failure to get this right can result in subtle bugs in multi-threaded servers.
Assignee: wtchang → nelson
The SSLsample source code exists to be a form of documentation, exemplifying the use of NSS for SSL. It is built as part of NSS builds to ensure that it continues to compile, so in once sense it is part of QA. But the truth is that the SSLsample programs are anything but exemplary. The *REAL* exemplary programs are tstclnt, strsclnt and selfserv. IINM, selfserv.c demonstrates the use of SSL_ConfigMPServerSIDCache before NSS initialization. So, I propose that we "fix" this bug by eliminating the flawed SSLsample programs, and changing any other NSS documentation that cites them to cite tstclnt, strsclnt and selfserv instead. Any objects to this proposal?
Component: Tools → Documentation
Priority: -- → P2
Target Milestone: --- → 3.11.2
Version: unspecified → 3.2
QA Contact: jason.m.reid → documentation
I have no objection to Nelson's proposal.
Wan-Teh, Bob, Julien, Any objection to me CVS removing the SSLSample directory (and subdirs) from nss/cmd? Please expression your opinion, soon. This will create a documentation problem. Some of the docs will continue to point to sslsample code, which won't be there any more. That doc will need to be rewritten. But I'd rather have that problem than the problem cited in comment 0.
I have no objection in principle to the removal of SSLsample. Before doing that, I suggest the code for both of these programs be reviewed to find out if there are any APIs for which the use is demonstrated that isn't also demonstrated in the other programs - selfserv, strsclnt and tstclnt. If there are, we should file tracking bugs to add tests and bring them to parity in terms of API coverage.
Retargetting all P2s to 3.11.3 .
Target Milestone: 3.11.2 → 3.11.3
remove target milestone, since the target was missed.
Target Milestone: 3.11.3 → ---
Bug 359302 removed server.c (and the rest of SSLsample).
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.