Hi there,

I am developing a generic SSL pipe XPCOM component which can be used
on any Input/Output stream pair. So far it sort of works but I am
facing one problem and I am not sure how to deal with it. The problem
arises when a client connects to a server but refuses to continue
because of certificate errors. Let's say that we have an input stream
from a ServerSocket. This input stream is wrapped with my SSL pipe
component. If the client connects but refuses to continue, because the
SSL certificate is invalid for the current domain name, the code will
fail with a crash within ssl3con.c, ssl3_HandleAlert function, on the
following line:

    if (level == alert_fatal) {
        ss->sec.uncache(ss->sec.ci.sid);

The reason it fails is because ss->sec.uncache is set to null, 0, i.e.
nothing there to access.

The question is why is this happening and what I should do to fix the
problem. Perhaps I need to init my ssl fd differently?

The obvious solution will be to add my own handler on that place but
then shouldn't that be handled by NSS? I haven't seen example code
which comes down to such hacks.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
