Closed Bug 367037 Opened 19 years ago Closed 18 years ago

Strsclnt doesn't inform user when incorrect cipher set, just prints usage info.

Categories

(NSS :: Tools, defect, P2)

Product:
NSS
Component:
Tools
Version:
3.11.4
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.7

People

(Reporter: slavomir.katuscak+mozilla, Assigned: nelson)

References

Details

Attachments

(1 file)

patch v1 - improve error msgs for bad cipher values
3.51 KB, patch
neil.williams
: review+
alvolkov.bgs
: superreview+
Details | Diff | Splinter Review
Start selfserv: selfserv -D -p 8443 -d /share/builds/mccrel3/security/securitytip/builds/20070111.1/wozzeck_Solaris8/mozilla/tests_results/security/mace.5/server_memleak -n mace.red.iplanet.com -e mace.red.iplanet.com-ec -w nss -c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz -t 5 Test strsclnt with correct cipher: strsclnt -q -p 8443 -d /share/builds/mccrel3/security/securitytip/builds/20070111.1/wozzeck_Solaris8/mozilla/tests_results/security/mace.5/client_memleak -w nss -c 1000 -C y mace.red.iplanet.com strsclnt: -- SSL: Server Certificate Validated. strsclnt: 0 cache hits; 1 cache misses, 0 cache not reusable strsclnt: 999 cache hits; 1 cache misses, 0 cache not reusable Test strsclnt with incorrect cipher: strsclnt -q -p 8443 -d /share/builds/mccrel3/security/securitytip/builds/20070111.1/wozzeck_Solaris8/mozilla/tests_results/security/mace.5/client_memleak -w nss -c 1000 -C z mace.red.iplanet.com Usage: strsclnt [-n nickname] [-p port] [-d dbdir] [-c connections] [-23BDNTovqs] [-f filename] [-N | -P percentage] [-w dbpasswd] [-C cipher(s)] [-t threads] hostname where -v means verbose -o flag is interpreted as follows: 1 -o means override the result of server certificate validation. 2 -o's mean skip server certificate validation altogether. -D means no TCP delays -q means quit when server gone (timeout rather than retry forever) -s means disable SSL socket locking -N means no session reuse -P means do a specified percentage of full handshakes (0-100) -2 means disable SSL2 -3 means disable SSL3 -T means disable TLS -U means enable throttling up threads -B bypasses the PKCS11 layer for SSL encryption and MACing Info about cipher z from sslcov.txt: noECC noTLS z SSL3_RSA_WITH_NULL_SHA noECC TLS z TLS_RSA_WITH_NULL_SHA This cipher isn't normally tested as part of ssl tests. I don't know the reason why it is there, but my opinion is that there should be some error message informing that incorrect cipher is set, instead of usage page.
Blocks: 370957
The cause of this bug is also the cause of bug 367133. The fix to this bug will also fix bug 367133, strsclnt should NEVER call the Usage() function after initializing NSS. The Usage() function calls exit() without shutting down NSS and NSPR first. The fix for this bug will be to change function client_main so that it never calls Usage() or exit(), but instead to print a meaningful error message (one that identifies the specific bad cipher suite), set the global boolean failed_already to true, and returns. Then the code will continue to shutdown NSS and NSPR, plugging the leaks in bug 367133. We should make sure this bug is fixed before we fix bug 370957. This bug blocks bug 370957.
Assignee: nobody → nelson
Status: NEW → ASSIGNED
Attachment #255742 - Flags: superreview?(alexei.volkov.bugs)
Attachment #255742 - Flags: review?(neil.williams)
Comment on attachment 255742 [details] [diff] [review] patch v1 - improve error msgs for bad cipher values Found one bug in my patch. The format string "(0x%04)" should be "(0x%04x)". I'll fix that before checkin.
Comment on attachment 255742 [details] [diff] [review] patch v1 - improve error msgs for bad cipher values That's better.
Attachment #255742 - Flags: review?(neil.williams) → review+
Please reviwe this week.
Priority: -- → P2
Target Milestone: --- → 3.11.7
Alexei, please review ASAP for 3.11.7
Comment on attachment 255742 [details] [diff] [review] patch v1 - improve error msgs for bad cipher values r=alexei.volkov
Attachment #255742 - Flags: superreview?(alexei.volkov.bugs) → superreview+
Checking in strsclnt.c; new revision: 1.54; previous revision: 1.53
committed on 3.11 branch, Checking in strsclnt.c; new revision: 1.43.2.8; previous revision: 1.43.2.7
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: