Closed
Bug 574011
Opened 14 years ago
Closed 1 year ago
SSL_ERROR_UNRECOGNIZED_NAME_ALERT is ambiguous
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: nelson, Unassigned)
Details
For all the SSL/TLS "alert" records, libSSL needs TWO error codes: - one error code whose name ends in _ALERT, and - another error code with the same name, but no trailing _ALERT The idea is that the system that detects the error and sends the alert locally reports the error code without the _ALERT ending. The peer system that receives the alert record locally reports the error code whose name ends in _ALERT. This way, we can tell by looking at the error code whether the log is telling us that the local system detected the error, or the remote system detected the error and reported it to us with an alert record. The immediate problem is that libSSL is now using the error code SSL_ERROR_UNRECOGNIZED_NAME_ALERT for both meanings. There should be, but is NO error code named SSL_ERROR_UNRECOGNIZED_NAME, and NSS's SSL server code should report THAT error code when it receives a client hello with an SNI bearing an unrecognized name. This is a MAJOR issue for products that act as both client and server. If I was still at Sun, I'd make this P1.
Comment 1•2 years ago
|
||
The bug assignee didn't login in Bugzilla in the last 7 months and this bug has priority 'P2'/severity 'major'.
:beurdouche, could you have a look please?
For more information, please visit auto_nag documentation.
Assignee: alvolkov.bgs → nobody
Flags: needinfo?(bbeurdouche)
Comment 2•2 years ago
|
||
In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.
Severity: major → --
Updated•1 year ago
|
Status: NEW → RESOLVED
Closed: 1 year ago
Flags: needinfo?(bbeurdouche)
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•