Closed Bug 1348713 Opened 5 years ago Closed 5 years ago

Certificate Transparency information isn't set on session resumption


(Core :: Security: PSM, defect, P1)

52 Branch



Tracking Status
firefox55 --- fixed


(Reporter: 61.1p57, Assigned: keeler)


(Whiteboard: [psm-assigned])


(2 files)

Attached image Screenshot.PNG
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170302120751

Steps to reproduce:

Open a site and check its site info.

Actual results:

The ct indicator normally shows up but sometimes it doesn't.

Expected results:

The indicator should always show up unless it's completely disabled via the settings.
Component: Untriaged → Security: PSM
Product: Firefox → Core
We don't set the CT status in HandshakeCallback, which means it isn't displayed for session resumption.
Assignee: nobody → dkeeler
Ever confirmed: true
Priority: -- → P1
Summary: Certificate Transparency indicator occasionally doesn't show up → Certificate Transparency information isn't set on session resumption
Whiteboard: [psm-assigned]
It's unclear how best to test this. We could add a firefox-ui test, but I'm not too familiar with those (I also don't know if we can ensure we're doing session resumption or not...). Another option would be to extend our built-in CT information to have a debug-only test log that we have the key for (this is similar to what we do with EV). Once we have that, we can add all sorts of integration tests for our CT implementation. That's a fair bit of engineering work, though.
Comment on attachment 8849625 [details]
bug 1348713 - ensure CT information is set in the case of session resumption

r+. LGTM.

I think we should file a bug to add CT / SCT tests, with a mock log as you suggest. Put it into the backlog and note in there we need to test this bug's change.
Attachment #8849625 - Flags: review?(jjones) → review+
Thanks! Try looked good: (I basically just wanted to confirm that it builds on other platforms)

I filed bug 1349312 for the test infrastructure.
Pushed by
ensure CT information is set in the case of session resumption r=jcj
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.