Closed
Bug 218916
Opened 21 years ago
Closed 21 years ago
Can't find a valid SSL client certificate in SSL sessions
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: bugzilla, Assigned: ssaux)
Details
Attachments
(1 file)
43.17 KB,
text/plain
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030829 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030829 Our PKCS#11 interface implementation don't works anymore with Mozilla while doing client autenticated SSL sessions (where SSL client certificate is required) The Library was tested and is working with Netscape 4.79 and Mozilla 1.3. With recent builds (1.4 and 1.5a) Mozilla started to pass invalid values while searching objects and retieving attributes. So, Just after the first session is opened Mozilla try 2 searches (second one on an invalid session) with the following Template: pTemplate[0]: Type: CKA_CLASS Len: 4 Value:0xCE534354 (NOTE: this is the value, not pointer to the value) Our PKCS#11 library report 0 objects found or CKR_SESSION_HANDLE_INVALID. Then Mozilla look for a certificate using following template: pTemplate[0]: Type: CKA_TOKEN Len: 1 Value: TRUE pTemplate[1]: Type: CKA_CLASS Len: 4 Value: CKO_CERTIFICATE Then Mozilla calls C_GetAttributeValue(), to get CKA_TOKEN and CKA_LABEL; and again C_GetAttributeValue() to get almost all Certificate attributes. But last attribute type is invalid and is always 0xCE534352: pTemplate[9]: Type: 0xCE534352 Len: 0 Value: ? Our Library reports CKR_ATTRIBUTE_TYPE_INVALID as Retrun Value and set the ulValueLen field of the invalid attribute type to -1 Errors don't seem to stop Mozilla, that continue to search for a Private key (CKA_ID and CKA_CLASS=CKO_PRIVATE_KEY), founding it. Then again an invalid value for CKA_CLASS in a search ( 0xCE534353 ). And again a search for a Private key, same template as before, found as before. After that last search Mozilla diplay the IIS Server page that specify that a client certificate is required (while should ask wich client certificate should be used) I'm going to attach a complete log for the session, where all function call and parameters are shown Reproducible: Always Steps to Reproduce: Mozilla dont' stop processing after it received the
Reporter | ||
Comment 1•21 years ago
|
||
All function calls are shown. For each, almost all parameters are displayed. The log show how Mozilla is passing invalid parameters while calling C_FindObjectsInit() and C_GetAttributeValue(). Mozilla display the "Client cettificate required" page sent by the HTTPS server instead of asking fot the client certificate to be used.
Reporter | ||
Comment 2•21 years ago
|
||
Sorry, this was a problem inside our library.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•