The NSS tinderboxes have tstclnt SSL socket write failures with strange error messages:
    tstclnt: write to SSL socket failed: Cannot connect: SSL peer is in another FORTEZZA domain.
    tstclnt: write to SSL socket failed: Cannot connect: SSL is disabled.
Note that the tests passed, so this bug is about the unreasonable error message. "Cannot connect: SSL peer is in another FORTEZZA domain." is the error message for SSL_ERROR_FORTEZZA_PQG, and this MXR query shows NSS does not set that error: http://mxr.mozilla.org/security/ident?i=SSL_ERROR_FORTEZZA_PQG
On the NSS 3.12 branch, the error messages are:
    tstclnt.exe: write to SSL socket failed: SSL peer rejected your certificate as revoked.
    tstclnt.exe: write to SSL socket failed: SSL peer cannot verify your certificate.
So the error messages are off by three error codes. I bet this offset is caused by the three missing error code entries in SSLerrs.h: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/SSLerrs.h&rev=1.12&mark=55,69,77-79#55
Priority: P2 → P1
Target Milestone: --- → 3.13
Version: trunk → 3.13
Oops... We need placeholders for the unused error codes. In some cases the error.h files are used to construct tables, so the table needs to be complete and in order.
bob
This bug fell through the cracks. Elio, could you write a patch? Thanks.
Assignee: nobody → emaldona
Status: NEW → ASSIGNED
Created attachment 564886
cover the unused error codes
Covers error code mapping for unused slots 5, 10, and 13. Used "obsolete" in two and "undefined" on the third because it looked as if someone may have intended to define one at some point.
Comment on attachment 564886
cover the unused error codes
Nit: I suggest just naming the unused errors SSL_ERROR_UNUSED_5 and SSL_ERROR_UNUSED_10.
Created attachment 564902
cover the unused error codes revised
My tests are still running.
(In reply to Wan-Teh Chang from comment #6)
> SSL_ERROR_UNUSED_5 and SSL_ERROR_UNUSED_10.
I hadn't seen that comment when I resent the patch. Yes, will use those names instead. I now use the same error string for all three, 5, 10, and 13.
Comment on attachment 564902
cover the unused error codes revised
r=wtc. I suggest the following changes. In mozilla/security/nss/lib/ssl/SSLerrs.h: >+ER3(SSL_ERROR_UNUSED_FIFTH, SSL_ERROR_BASE + 5, >+"Unrecognized ssl error code.") Capitalize "SSL" in the three error messages. Nit: name the unused error codes SSL_ERROR_UNUSED_5, SSL_ERROR_UNUSED_10. In mozilla/security/nss/lib/ssl/sslerr.h: >+SSL_ERROR_UNUSED_FIFTH = (SSL_ERROR_BASE + 5), >+SSL_ERROR_UNUSED_TENTH = (SSL_ERROR_BASE + 10), Nit: name these error codes SSL_ERROR_UNUSED_5, SSL_ERROR_UNUSED_10.
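Review bot: the placeholder at SSL_ERROR_BASE + 5 is stated twice, once in the SSLerrs.h ER3 entry and once in the sslerr.h enum line, and nothing in the quoted lines says why the slot has to exist. I suggest a short comment on each placeholder, in both files, saying the entry is there only to keep the error table complete and in order and must not be removed, so a later cleanup does not bring the offset back.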
Attachment #564902 - Flags: review?(wtc) → review+
Created attachment 564920
unused error codes V3 - applied wtc suggested renaming
All tests passed.
Comment on attachment 564920
unused error codes V3 - applied wtc suggested renaming
Nit: In mozilla/security/nss/lib/ssl/SSLerrs.h, you have an extra TAB character in the middle of these two lines: >+ER3(SSL_ERROR_UNUSED_10, SSL_ERROR_BASE + 10, >+ER3(SSL_ERROR_POST_WARNING, SSL_ERROR_BASE + 13,
Attachment #564920 - Flags: review?(wtc) → review+
Patch committed to trunk:
    Checking in mozilla/security/nss/lib/ssl/SSLerrs.h;
    /cvsroot/mozilla/security/nss/lib/ssl/SSLerrs.h,v <-- SSLerrs.h
    new revision: 1.13; previous revision: 1.12
    done
    Checking in mozilla/security/nss/lib/ssl/sslerr.h;
    /cvsroot/mozilla/security/nss/lib/ssl/sslerr.h,v <-- sslerr.h
    new revision: 1.14; previous revision: 1.13
    done
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
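Added example, not NSS code and not part of the bug thread: a constructed ER3-style list showing why a message table indexed by a code's offset from the base reports the wrong text once entries are missing, and a check that finds the first gap. DEMO_BASE, the D*/U* names, the message strings and the positional lookup are assumptions made for the illustration; only the unused slots 5, 10 and 13 come from the bug.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_BASE (-0x3000) /* constructed base value, demo only */

/* Constructed list in the ER3(name, value, text) style. GAP rows are the
 * placeholder entries for the unused slots 5, 10 and 13. */
#define DEMO_LIST(ER3, GAP)                                                \
    ER3(D0, DEMO_BASE + 0, "slot 0")    ER3(D1, DEMO_BASE + 1, "slot 1")    \
    ER3(D2, DEMO_BASE + 2, "slot 2")    ER3(D3, DEMO_BASE + 3, "slot 3")    \
    ER3(D4, DEMO_BASE + 4, "slot 4")    GAP(U5, DEMO_BASE + 5, "unused")    \
    ER3(D6, DEMO_BASE + 6, "slot 6")    ER3(D7, DEMO_BASE + 7, "slot 7")    \
    ER3(D8, DEMO_BASE + 8, "slot 8")    ER3(D9, DEMO_BASE + 9, "slot 9")    \
    GAP(U10, DEMO_BASE + 10, "unused")  ER3(D11, DEMO_BASE + 11, "slot 11") \
    ER3(D12, DEMO_BASE + 12, "slot 12") GAP(U13, DEMO_BASE + 13, "unused")  \
    ER3(D14, DEMO_BASE + 14, "slot 14") ER3(D15, DEMO_BASE + 15, "slot 15")

#define EMIT_TEXT(n, v, t) t,
#define EMIT_CODE(n, v, t) v,
#define EMIT_NONE(n, v, t)
static const char *const gappy_text[] = { DEMO_LIST(EMIT_TEXT, EMIT_NONE) };
static const int         gappy_code[] = { DEMO_LIST(EMIT_CODE, EMIT_NONE) };
static const char *const dense_text[] = { DEMO_LIST(EMIT_TEXT, EMIT_TEXT) };
static const int         dense_code[] = { DEMO_LIST(EMIT_CODE, EMIT_CODE) };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Positional lookup: the index is the code's offset from the base. */
static const char *lookup(const char *const *text, size_t n, int code) {
    long idx = (long)code - DEMO_BASE;
    return (idx >= 0 && (size_t)idx < n) ? text[idx] : NULL;
}

/* First offset whose entry is missing or out of order; -1 if none found. */
static int first_gap(const int *code, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (code[i] != DEMO_BASE + (int)i) return (int)i;
    return -1;
}

int main(void) {
    const char *bad = lookup(gappy_text, COUNT(gappy_text), DEMO_BASE + 12);
    const char *ok = lookup(dense_text, COUNT(dense_text), DEMO_BASE + 12);
    printf("without placeholders: %s (%s)\n", bad, strcmp(bad, "slot 12") ? "wrong" : "right");
    printf("with placeholders:    %s\n", ok);
    printf("first gap: %d vs %d\n", first_gap(gappy_code, COUNT(gappy_code)),
           first_gap(dense_code, COUNT(dense_code)));
    return 0;
}
```

With the three placeholder rows dropped, the code at offset 12 resolves to the text three entries further on, which matches the off-by-three messages reported above.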