Minor nss-3.112.0-1.el9_4, nss-3.112.0-1.el10_0 give slightly wrong alerts for compressed client certificates corner cases
$ selfserv -r -n server -d sql:nssdb-serv -q -p 4433 2>server.err >server.out & $ PYTHONPATH=tlsfuzzer /usr/bin/time --quiet -o mem.out -f %M python3 test_tls13_client_certificate_compression.py --algorithms zlib --skip-bombs --random-fuzz-size 0 -c client/cert.pem -k client/key.pem
Multiple Compressed Certificate Messages ... Error encountered while processing node ExpectAlert(level=2, description=(10,)) (child: None) with last message being: <tlslite.messages.Message object at 0x7f39bbd28ac0> Error while processing Traceback (most recent call last): File "/tmp/tmp.fingertipt/test_tls13_client_certificate_compression.py", line 1107, in main runner.run() File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/runner.py", line 242, in run node.process(self.state, msg) File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/expect.py", line 1973, in process raise AssertionError(problem_desc) AssertionError: Expected alert description "unexpected_message" does not match received "decode_error"
Empty compressed message ... Error encountered while processing node ExpectAlert(level=2, description=(50,)) (child: None) with last message being: <tlslite.messages.Message object at 0x7f39bbd82520> Error while processing Traceback (most recent call last): File "/tmp/tmp.fingertipt/test_tls13_client_certificate_compression.py", line 1107, in main runner.run() File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/runner.py", line 242, in run node.process(self.state, msg) File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/expect.py", line 1973, in process raise AssertionError(problem_desc) AssertionError: Expected alert description "decode_error" does not match received "bad_certificate" unsupported algorithm, 65535 ... Additional bytes, zlib, before, unreflected in size ... Error encountered while processing node ExpectAlert(level=2, description=(50,)) (child: None) with last message being: <tlslite.messages.Message object at 0x7f39bbd28d00> Error while processing Traceback (most recent call last): File "/tmp/tmp.fingertipt/test_tls13_client_certificate_compression.py", line 1107, in main runner.run() File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/runner.py", line 242, in run node.process(self.state, msg) File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/expect.py", line 1973, in process raise AssertionError(problem_desc) AssertionError: Expected alert description "decode_error" does not match received "bad_certificate" Additional bytes, zlib, after, unreflected in size ... Error encountered while processing node ExpectAlert(level=2, description=(50,)) (child: None) with last message being: <tlslite.messages.Message object at 0x7f39bbd31760> Error while processing Traceback (most recent call last): File "/tmp/tmp.fingertipt/test_tls13_client_certificate_compression.py", line 1107, in main runner.run() File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/runner.py", line 242, in run node.process(self.state, msg) File "/tmp/tmp.fingertipt/tlsfuzzer/tlsfuzzer/expect.py", line 1973, in process raise AssertionError(problem_desc) AssertionError: Expected alert description "decode_error" does not match received "bad_certificate"
