Closed
Bug 101406
Opened 23 years ago
Closed 8 years ago
unknown Certificate Authority hangs networking / networking blocked in other windows
Categories
(Core Graveyard :: Security: UI, defect, P3)
Core Graveyard
Security: UI
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: timeless, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [kerh-coz])
Attachments
(1 file)
|
191.55 KB,
image/png
|
Details |
screenshot
from bug 101354 #8
steps: control click the url link
you should get an unrecognized certificate authority dialog
come back to this bug window, click a normal web link (ie not an email link)
expected results: browser follows link
actual results: browser waits until you dismiss the unrecognized cert dialog
this is really annoying because you could be trying to file a bug like bug
101354 and trying to use google to look up the spelling for raison d'être...
steps to lookup spelling: in a navigator window url bar w/ google set as your
search engine, type 'reason detre', press <up>, <enter>, if networking isn't
hung, google will suggest raison detre which lets you get the correct spelling...
|
||
Updated•23 years ago
|
Severity: major → normal
Priority: -- → P3
Target Milestone: --- → Future
|
||
Comment 1•23 years ago
|
||
timeless: what build version did you test?
|
||
Comment 2•23 years ago
|
||
Darin: Please look at the depend bug 101390 for the build ID :-)
|
|
||
Comment 3•23 years ago
|
||
problem reported w/ build 200192403 under w98
|
||
Comment 4•22 years ago
|
||
What could we do?
PSM is implemented as a I/O layer.
This was done to isolate necko from the crypto logic.
As a result, PSM needs to do all its error handling while we are in the middle
of network transfers.
Are we blocking, because necko does not allow concurrent network activity?
|
|
||
Comment 6•22 years ago
|
||
*** Bug 147263 has been marked as a duplicate of this bug. ***
|
|
||
Comment 7•22 years ago
|
||
To summarize: When two browser windows are open, and one window displays a
security error message, networking is blocked in other windows.
OS: Windows 98 → All
Hardware: PC → All
|
|
||
Updated•22 years ago
|
Summary: unknown Certificate Authority hangs networking → unknown Certificate Authority hangs networking / networking blocked in other windows
|
|
||
Comment 8•22 years ago
|
||
*** Bug 190690 has been marked as a duplicate of this bug. ***
|
||
Comment 9•22 years ago
|
||
other tabs and email sending too ...
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
(some extensions installed, including Enigmail)
I think I am seeing this as well. I use an email server with SSL whose
certificate just expired, and I get a Server Certificate Expired dialog box.
While this dialog is up, all network activity seems to stop.
Oftentimes the dialog comes up several seconds after I have clicked the send
button, and switched to other windows. When the dialog comes up, I won't see it
(buried under so other window), so I spend a lot of time trying to click links,
waiting it to load IMAP messages, etc. Often the delay is so long that Chatzilla
disconnects from the IRC server before I notice that the dialog is up.
|
||
Comment 13•21 years ago
|
||
Mass change "Future" target milestone to "--" on bugs that now are assigned to
nobody. Those targets reflected the prioritization of past PSM management.
Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
|
|
||
Comment 14•19 years ago
|
||
Maybe we could fix it using the following approach:
When we notice this problem
- we spawn a separate thread to bring up the UI
- the crypto code marks this socket as "delayed" and whenever we are asked by network transport to transfer something, we will reply with "would block"
- once the user confirms the dialog, we will continue (or cancel) as usual
Whiteboard: [kerh-coz]
|
||
Comment 15•19 years ago
|
||
(In reply to comment #14)
> Maybe we could fix it using the following approach:
>
> When we notice this problem
> - we spawn a separate thread to bring up the UI
You can't show UI on a thread other than the UI thread.
> - the crypto code marks this socket as "delayed" and whenever we are asked by
> network transport to transfer something, we will reply with "would block"
> - once the user confirms the dialog, we will continue (or cancel) as usual
I don't think this is gonna work if you're on the UI thread. You'll have to just make the calls non-blocking, and use plevents to communicate completion status.
|
||
Comment 16•19 years ago
|
||
Another consideration for this bug - the "Unknown CA" dialog is modal, which prevents tabbed browsing altogether. Even if the networking were still active, the UI prevents access to those tabs.
Suggest also that the dialog be somehow linked to the tab, or be displayed as the tab contents, in much the same manner as the error pages now are.
|
|
||
Comment 17•19 years ago
|
||
This should now be (partially) fixed on the trunk.
If one window is blocked by a certificate/SSL error/warning prompt, you'll now be able to use non-SSL networking in other windows.
But still, you are not able to use SSL while one window is blocked on SSL. This would require to enhance the solution used in bug 111384 further, to introduce a pool of threads, as opposed to just one.
|
||
Updated•18 years ago
|
QA Contact: junruh → ui
|
||
Comment 18•17 years ago
|
||
Now that bug 327181 has been fixed, is this bug now irrelevant? Or am I perhaps misunderstanding this bug?
|
|
||
Comment 19•17 years ago
|
||
I agree, this might be irrelevant, because we no longer prompt for bad certs in a middle of a connection.
But I fear there might be similar scnearios where this bug can still show up:
- when we prompt the user to select a personal cert for SSL client auth
- when we prompt the user to unlock the security device / enter the master
password before we can proceed with a connection.
|
Reporter | |
Comment 20•16 years ago
|
||
having just patched bug 101378, it's still quite relevant. and it pretty much means rearchitecting all of the things that I left as modal.
we need to change the system so that all of the call chains to the things that are still modal are done from a non UI thread. And instead of it just calling the dialog method, it needs to use threadsafe param blocks and get a proxy to the nssDialogs and then dispatch the param blocks to the dialogs. The dialogs would no longer need to be modal.
Version: 1.0 Branch → Trunk
|
||
Comment 21•14 years ago
|
||
@timeless: any chance you could clarify the STR or highlight a specific modal dialog that should be tab-modal instead (or non-modal, or untrusted CA, etc.)? I'm trying to find all such outstanding issues and link them to bug 616843.
(It's just that the only dialog I'm familiar with, "invalid certificate", is no longer a dialog in v3.6)
|
||
Comment 22•14 years ago
|
||
I believe this problem just hit me when trying to access https://metrics.mozilla.com.
@Roman: The window-modal dialog which should be tab-modal is "Untrusted Connection". I've attached a screenshot (if I understand this bug correctly; I'm not certain I do).
|
||
Updated•11 years ago
|
Blocks: fxdesktopbacklog
Whiteboard: [kerh-coz] → [kerh-coz] [defect] p=0
|
|
||
Updated•11 years ago
|
No longer blocks: fxdesktopbacklog
Whiteboard: [kerh-coz] [defect] p=0 → [kerh-coz]
|
|
||
Updated•11 years ago
|
Flags: firefox-backlog?
|
||
Updated•11 years ago
|
Flags: firefox-backlog? → firefox-backlog+
|
||
Comment 24•8 years ago
|
||
The certificate error *dialog* was removed long ago. The issue in comment 22 is about the certificate error *override* dialog, which shouldn't be window-modal (but at least it doesn't stop all other network traffic as described in this bug).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
|
Assignee | |
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•