Closed
Bug 51436
Opened 24 years ago
Closed 24 years ago
SSL Server code failing on tip PK11_ImportSymKey fails
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.0.1
People
(Reporter: nelson, Assigned: rrelyea)
In correspondence about bugzilla bug 48657, John Myers reported
that he couldn't get SSL Server code to work on the tip.
So I tried it and found numerous strange phenomena. John was
right, SSL server code wasn't able to complete a handshake.
One of the sequences I saw was this:
pk11_CopyToSlot calls PK11_ExtractKeyValue() which succeeds,
then calls PK11_ImportSymKey(), which calls
pk11_ImportSymKeyWithTempl(), which calls PK11_CreateNewObject(),
which calls NSC_CreateObject(), which calls pk11_SessionFromHandle()
which returns null.
So, then pk11_CopyToSlot calls pk11_KeyExchange(), which is VERY
costly.
(As an aside, I think that there ought to be some way for
pk11_CopyToSlot to distinguish among the different types of
failures from PK11_ImportSymKey(). Some of those failures
are because the key cannot be copied in an unwrapped fashion.
Other failures are just failures, and wrapping won't help.
IMO pk11_CopyToSlot should not call pk11_KeyExchange() after
the latter type of failure. Today it always does. :-(
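The aside above, sketched as an added example (not NSS code and not written by anyone in this bug): a copy step that classifies the import failure before deciding whether to fall back to the costly key exchange. `classify_import`, `copy_to_slot`, `replay` and `SAMPLE` are hypothetical names; the `CKR_*` values are PKCS #11 return codes, and treating `CKR_TEMPLATE_INCONSISTENT` as the "retry wrapped" case is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
typedef unsigned long CK_RV;            /* PKCS #11 return-value type */
#define CKR_OK                     0x00000000UL
#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL
#define CKR_TEMPLATE_INCONSISTENT  0x000000D1UL
typedef enum { IMPORT_OK, IMPORT_NEEDS_WRAP, IMPORT_HARD_FAIL } import_class;
typedef struct { int key_exchanges; int failures; } copy_stats;

/* Assumed policy: only a rejected cleartext template means "retry wrapped";
 * anything else (for example an invalid session handle) is final. */
static import_class classify_import(CK_RV rv)
{
    if (rv == CKR_OK) return IMPORT_OK;
    return rv == CKR_TEMPLATE_INCONSISTENT ? IMPORT_NEEDS_WRAP : IMPORT_HARD_FAIL;
}

/* Hypothetical stand-in for the copy step. distinguish == 0 models the report
 * (every import failure falls back); distinguish != 0 models the suggestion. */
static int copy_to_slot(CK_RV import_rv, int distinguish, copy_stats *st)
{
    import_class c = classify_import(import_rv);
    if (c == IMPORT_OK)
        return 0;
    if (!(distinguish && c == IMPORT_HARD_FAIL))
        st->key_exchanges++;       /* stands in for pk11_KeyExchange() */
    if (c == IMPORT_HARD_FAIL) {   /* modelled as: wrapping cannot help here */
        st->failures++;
        return -1;
    }
    return 0;
}

/* Constructed sample: two good imports, two dead sessions, one refusal. */
static const CK_RV SAMPLE[] = { CKR_OK, CKR_OK, CKR_SESSION_HANDLE_INVALID,
                                CKR_SESSION_HANDLE_INVALID, CKR_TEMPLATE_INCONSISTENT };
/* Replay a sequence of import results under one policy and tally the cost. */
static copy_stats replay(const CK_RV *rvs, size_t n, int distinguish)
{
    copy_stats st = {0, 0};
    for (size_t i = 0; i < n; i++)
        (void)copy_to_slot(rvs[i], distinguish, &st);
    return st;
}

int main(void)
{
    copy_stats a = replay(SAMPLE, 5, 0), b = replay(SAMPLE, 5, 1);
    printf("%d vs %d key exchanges\n", a.key_exchanges, b.key_exchanges);
    return 0;
}
```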
Comment 3 (Assignee) • 24 years ago
OK, this bug *IS* present in both 3.0 and 3.1. To trigger the bug you need to do
several full SSL handshakes on the server. PSM would also have the problem in
some cases where it was using keys other than SSL keys (SDR may start failing
after several SSL handshakes).
The test suites succeed because none of the test suites do more than one full
SSL handshake (including the stress test suites).
Status: NEW → ASSIGNED
Comment 4 (Reporter) • 24 years ago
Changing target fix version to 3.0.1
Bob, I confirm that your recent checkin fixed this.
Target Milestone: 3.0 → 3.0.1
Comment 5 (Reporter) • 24 years ago
I'm taking the liberty of marking this bug fixed.
I have confirmed that SSL is working in NSS 3.0.1.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED