Minor Not a regression from 3.101, but nss-3.112.0-1.el10_0 and nss-3.112.0-1.el9_4 proceed on a zero-length CertificateCompressionAlgorithm instead of aborting with decode_error:
enum {
zlib(1),
brotli(2),
zstd(3),
(65535)
} CertificateCompressionAlgorithm;
struct {
CertificateCompressionAlgorithm algorithms<2..2^8-2>;
} CertificateCompressionAlgorithms;
reproducer
$ selfserv -n server -d sql:nssdb-serv -q -p 4433 2>server.err >server.out & $ PYTHONPATH=tlsfuzzer python3 tlsfuzzer/scripts/test-tls13-certificate-compression.py --algorithms zlib ... empty list ... Error encountered while processing node ExpectAlert(level=2, description=50) (child: <tlsfuzzer.expect.ExpectClose object at 0x7f543cbe5430>) with last message being: <tlslite.messages.Message object at 0x7f543c9b1c40> Error while processing Traceback (most recent call last): File "/tmp/tmp.fingertipt/tlsfuzzer/scripts/test-tls13-certificate-compression.py", line 734, in main runner.run() File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/runner.py", line 235, in run raise AssertionError("Unexpected message from peer: " + AssertionError: Unexpected message from peer: Handshake(server_hello)
