Closed Bug 1348713 Opened 7 years ago Closed 7 years ago

Certificate Transparency information isn't set on session resumption

Categories

(Core :: Security: PSM, defect, P1)

Product:
Core
Component:
Security: PSM
Version:
52 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox55 --- fixed

People

(Reporter: 61.1p57, Assigned: keeler)

Details

(Whiteboard: [psm-assigned])

Attachments

(2 files)

Screenshot.PNG
134.25 KB, image/png
Details
bug 1348713 - ensure CT information is set in the case of session resumption
59 bytes, text/x-review-board-request
jcj
: review+
Details
Attached image Screenshot.PNG 
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170302120751

Steps to reproduce:

Open a site and check its site info.


Actual results:

The ct indicator normally shows up but sometimes it doesn't.


Expected results:

The indicator should always show up unless it's completely disabled via the settings.
Component: Untriaged → Security: PSM
Product: Firefox → Core
We don't set the CT status in HandshakeCallback, which means it isn't displayed for session resumption.
Assignee: nobody → dkeeler
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Summary: Certificate Transparency indicator occasionally doesn't show up → Certificate Transparency information isn't set on session resumption
Whiteboard: [psm-assigned]
It's unclear how best to test this. We could add a firefox-ui test, but I'm not too familiar with those (I also don't know if we can ensure we're doing session resumption or not...). Another option would be to extend our built-in CT information to have a debug-only test log that we have the key for (this is similar to what we do with EV). Once we have that, we can add all sorts of integration tests for our CT implementation. That's a fair bit of engineering work, though.
Comment on attachment 8849625 [details]
bug 1348713 - ensure CT information is set in the case of session resumption

https://reviewboard.mozilla.org/r/122422/#review124574

r+. LGTM.

I think we should file a bug to add CT / SCT tests, with a mock log as you suggest. Put it into the backlog and note in there we need to test this bug's change.
Attachment #8849625 - Flags: review?(jjones) → review+
Thanks! Try looked good: https://treeherder.mozilla.org/#/jobs?repo=try&revision=66b85ec6062b (I basically just wanted to confirm that it builds on other platforms)

I filed bug 1349312 for the test infrastructure.
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/afcb04dafd03
ensure CT information is set in the case of session resumption r=jcj
https://hg.mozilla.org/mozilla-central/rev/afcb04dafd03
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: