Closed Bug 218916 Opened 21 years ago Closed 21 years ago

Can't find a valid SSL client certificate in SSL sessions

Categories

(Core Graveyard :: Security: UI, defect)

Other Branch
x86
Windows 2000
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: bugzilla, Assigned: ssaux)

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030829
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030829

Our PKCS#11 interface implementation don't works anymore with Mozilla while
doing client autenticated SSL sessions (where SSL client certificate is required)
The Library was tested and is working with Netscape 4.79 and Mozilla 1.3.
With recent builds (1.4 and 1.5a) Mozilla started to pass invalid values while
searching objects and retieving attributes.

So, Just after the first session is opened Mozilla try 2 searches (second one on
an invalid session) with the following Template:
pTemplate[0]:
	Type: CKA_CLASS
	Len: 4
	Value:0xCE534354 (NOTE: this is the value, not pointer to the value)
Our PKCS#11 library report 0 objects found or CKR_SESSION_HANDLE_INVALID.

Then Mozilla look for a certificate using following template:
pTemplate[0]:
	Type: CKA_TOKEN
	Len: 1
	Value: TRUE
pTemplate[1]:
	Type: CKA_CLASS
	Len: 4
	Value: CKO_CERTIFICATE

Then Mozilla calls C_GetAttributeValue(), to get CKA_TOKEN and CKA_LABEL; and
again C_GetAttributeValue() to get almost all Certificate attributes. But last
attribute type is invalid and is always 0xCE534352:
pTemplate[9]:
	Type: 0xCE534352
	Len: 0
	Value: ?
Our Library reports CKR_ATTRIBUTE_TYPE_INVALID as Retrun Value and set the
ulValueLen field of the invalid attribute type to -1

Errors don't seem to stop Mozilla, that continue to search for a Private key
(CKA_ID and CKA_CLASS=CKO_PRIVATE_KEY), founding it.
Then again an invalid value for CKA_CLASS in a search ( 0xCE534353 ).
And again a search for a Private key, same template as before, found as before.
After that last search Mozilla diplay the IIS Server page that specify that a
client certificate is required (while should ask wich client certificate should
be used)

I'm going to attach a complete log for the session, where all function call and
parameters are shown


Reproducible: Always

Steps to Reproduce:





Mozilla dont' stop processing after it received the
All function calls are shown. For each, almost all parameters are displayed.
The log show how Mozilla is passing invalid parameters while calling
C_FindObjectsInit() and C_GetAttributeValue().
Mozilla display the "Client cettificate required" page sent by the HTTPS server
instead of asking fot the client certificate to be used.
Sorry, this was a problem inside our library.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
Product: PSM → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: