author | nelsonb%netscape.com <devnull@localhost> | 2001-06-13 21:14:54 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2001-06-13 21:14:54 +0000 |
commit | 6bfe20d7337d2b875b14cdf807b541780ba8bc4c (patch) | |
tree | 4c3b0592dc866013d34850927d74557ecc290013 | |
parent | e44ff2b5256864bf2f647c8672aa72bfeea8e217 (diff) | |
Fix bug 68869. Don't ignore TLS no certificate messages when the server
requires client auth. Work around bug in NT TCP stack by only shutting
down the socket for SEND (not for BOTH) after sending a bad_certificate
alert. This avoids bogus CONNECTION_RESET_BY_PEER errors at the client.
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index a80da28fe..be252d7d6 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -1571,7 +1571,11 @@ ssl3_HandleNoCertificate(sslSocket *ss)
 SSL3_SendAlert(ss, alert_fatal, bad_certificate);
 lower = ss->fd->lower;
+#ifdef _WIN32
+ lower->methods->shutdown(lower, PR_SHUTDOWN_SEND);
+#else
 lower->methods->shutdown(lower, PR_SHUTDOWN_BOTH);
+#endif
 PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
 return SECFailure;
 }
@@ -6309,6 +6313,10 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 /* This is TLS's version of a no_certificate alert. */
 /* I'm a server. I've requested a client cert. He hasn't got one. */
 rv = ssl3_HandleNoCertificate(ss);
+ if (rv != SECSuccess) {
+ errCode = PORT_GetError();
+ goto loser;
+ }
 goto cert_block;
 } |
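Review bot: The `#ifdef _WIN32` branch in ssl3_HandleNoCertificate carries no comment saying why Windows shuts down only the send side, so the rationale exists only in the commit message. I would add above it `/* NT TCP stack: PR_SHUTDOWN_BOTH after the alert shows up at the client as a connection reset, so shut down SEND only (bug 68869). */`. With a SEND-only shutdown the receive side stays open on Windows, so abandoning the handshake there depends on every caller acting on the SECFailure return. The result of `shutdown()` is ignored in both branches, and the function's body begins outside the hunk.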
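Review bot: The new `if (rv != SECSuccess)` check in ssl3_HandleCertificate is what makes an empty TLS certificate message fatal when client auth is required, but nothing at the site says so and the remaining `goto cert_block` still reads as the normal path. I would add `/* Failure: client auth is required; alert already sent and socket shut down, so abort. Success: the cert was optional. */` above the check. The success case is inferred, since the tail of ssl3_HandleNoCertificate visible in the first hunk always returns SECFailure and any earlier return lies outside the diff. Because the old code let the handshake continue without a client certificate, a regression test with a server that requires client auth and a TLS client that sends none would be worth adding, and any other caller of ssl3_HandleNoCertificate not shown here needs the same check. The `loser` label and the rest of the function are outside the hunk.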