Closed Bug 1384335 Opened 7 years ago Closed 7 years ago

Client certificate dialog pops up from speculativeConnect2 while typing in the address bar

Categories

(Core :: Networking, defect, P1)

Product:
Core
Component:
Networking
Platform:
All
Unspecified
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 910207
Tracking Flags:
Tracking Status
firefox55 --- ?
firefox56 --- affected

People

(Reporter: MattN, Unassigned)

References

(
URL
)

Details

(Whiteboard: [fxsearch])

Attachments

(2 files)

Screen Shot 2017-07-25 at 4.17.57 PM.png
54.78 KB, image/png
Details
Log subset showing speculative connection to https://auth.startssl.com/
74.80 KB, text/plain
Details
In the last month I have started to get client certificate auth dialogs when typing into the awesomebar. The dialog causes the autocomplete popup to close which interrupts what I'm trying to do. We should be suppressing auth dialogs (basic, digest or client certificates) for whatever network load is happening when the dialog is open. I don't know what the network request is even for? Favicons? Preloading? I'm marking this as a regression since it only started in the last month even though I haven't been to startssl for a few years. I do see this was reported and marked WORKSFORME 2 years ago so it's possible that this has been a problem for much longer but some frecency change made me hit it much more often recently. https://stackoverflow.com/a/42770043 lists two client certificate test sites
Maybe it's speculative connect? May you try disabling it through browser.urlbar.speculativeConnect.enabled and tell if that makes a difference?
Flags: needinfo?(MattN+bmo)
Priority: -- → P1
Whiteboard: [fxsearch]
I know not much about client certificate, but I wonder if speculative connect will trigger that, since for autocompleted url we just create network connection without fetching anything. I couldn't reproduce this issue on a machine with client certificate installed. From [1] it seems the certificate is exchanged over TLS (let me know if this is totally the wrong reference), so I assume the dialog will show up at the moment we create a socket connection? [1] https://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake
(In reply to Marco Bonardo [::mak] from comment #1) > Maybe it's speculative connect? May you try disabling it through > browser.urlbar.speculativeConnect.enabled and tell if that makes a > difference? Unfortunately I don't have reliable STR so it would be hard for me to know if it goes away. I'll set it to false for now and see if it happens again. I just spent quite a bit of time in a new profile trying to reproduce the bug (with theories related to favicions and speculative connections) but I couldn't reproduce it at all. I even tried calling speculateConnect2 in the Browser Console for a client auth URL and it didn't reproduce. I don't know if that API takes the path of the URI into account since the test sites I'm using from comment 0 only require client auth on the subdirectory. (In reply to Evelyn Hung [:evelyn] from comment #2) > From [1] it seems the certificate is exchanged over TLS (let me know if this > is totally the wrong reference), so I assume the dialog will show up at the > moment we create a socket connection? This is the correct idea and yes, I think the certificate would be needed to setup the TLS connection.
Flags: needinfo?(MattN+bmo)
(In reply to Matthew N. [:MattN] (huge backlog; PM if requests are blocking you) from comment #3) > I even tried calling speculateConnect2 in the Browser Console for a client > auth URL and it didn't reproduce. I don't know if that API takes the path of > the URI into account From what I know and the answer from a necko team member, it won't take path into account.
For anyone trying to reproduce this issue, you can use about:networking to turn on HTTP logging for further analysis. https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging#Using_aboutnetworking
Favicons in the location bar (modulo bugs) should never fetch from the network, we always fetch from page-icon: protocol that is fetching from favicons.sqlite.
This does seem to be from speculative connections and that aligns with the timeline of when it started. I can now reliably reproduce on my regular profile and was able to reproduce once from the Browser Console in a new profile with a client cert imported (you can generate one easily from Keychain Access on OS X btw.): > Services.io.speculativeConnect2(Services.io.newURI("https://auth.startssl.com/"), gBrowser.contentPrincipal, null) The key to reproduce is that you have to remember that once you cancel the client cert dialog for an origin then you need to restart the browser for it to appear again on that origin (at least from what I can tell). It seems like we need to do the equivalent of setting `allowAuth` to false on a docShell for speculative connections.
Blocks: 1348275
Component: Location Bar → Networking
Keywords: regression, regressionwindow-wanted
Product: Firefox → Core
Summary: Client certificate dialog pops up while typing in the address bar → Client certificate dialog pops up from speculativeConnect2 while typing in the address bar
I guess this is a dupe of bug 910207 but it's going to be even more visible now.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
No longer blocks: 1348275
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: