Closed Bug 1435294 Opened 8 years ago Closed 5 years ago

security module settings not persisted on restart

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: schwarz, Unassigned, NeedInfo)

Details

(Keywords: regression, regressionwindow-wanted)

Attachments

(4 files)

ffox-old-on-install.log
20.41 KB, text/x-log
Details
PKCS11 conversation on restart of FFox ESR
18.45 KB, text/x-log
Details
PKCS11 conversation on install in latest non-ESR FF
19.67 KB, text/x-log
Details
PKCS11 conversation on restart in latest non-ESR FFox
155.27 KB, text/x-log
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Steps to reproduce: Go to Preferences > Advanced > Certificates > Security Devices, load a new module. p11kit's /usr/lib64/p11-kit-proxy.so is sufficient to reproduce, no hardware token is needed. Confirm and close all dialogs. [In real use case, assign certificate to mail account.] Restart Thunderbird Actual results: "Security devices" returns to its two default entries "NSS Internal …" and "Builtin Root Module", the device just added is gone again, and signing/encrypting mails with certificate therein hence does not work. Expected results: Additional device setting is restored on restart, requesting login either at startup or when needed for a sign/encrypt operation.
Manually inspecting the database with nss tools shows the setting is saved, but erased on thunderbird restart. This is a regression, since I used to have a saved driver in there, but I do not recall the version of TB and NSS that worked. (Probably around the time of RHEL 6.0)
Component: Untriaged → Security
Keywords: regression, regressionwindow-wanted
Summary: security module settings not persisted → security module settings not persisted on restart
Maybe a silly question: Can this be reproduced in Firefox? TB uses Mozilla core software which is also the base of FF. If you can reproduce this in FF, we'll get some attention from the FF people.
Also occurs with FF ESR 52.6.0 (RH/CentOS build) w/ system NSS version 3.28.4 (CentOS 7).
Product: Thunderbird → Firefox
Does this happen with ESR 52 downloaded from https://www.mozilla.org/en-US/firefox/organizations/all/ ?
Flags: needinfo?(schwarz)
Can be reproduced in stock ESR 52.6.0, canNOT be reproduced in stock 58.0.1.
Flags: needinfo?(schwarz)
https://mozilla.github.io/mozregression/ might help narrow down when this changed.
I've used pkcs11-logger to snoop on the conversation, comparing install and restart on latest ESR (bug present) and latest non-ESR (bug not present), and to my layperson eye, it looks like maybe ESR does not loop over all slots of the virtual card. I'll see if I can get the logs attached to the original bug report; call structure seemed to be identical until l. 355 in ffox-???-restart.log, where the old one just closes the session and the new one starts issuing a series of C_FindObjectsInit/C_FindObjects/C_FindObjectsFinal.
PKCS11 conversation when installing security module in FFox ESR
PKCS11 conversation on restart of FFox ESR
Installation of security module in latest FF
PKCS11 conversation in latest FFox; the first ~350 lines seem identical to the old version, but then it starts finding and looping over more things.

Presumably, since the latest Thunderbird is based on Gecko 68, this is now fixed? Reporter, can you confirm?

Flags: needinfo?(schwarz)

Closing as worksforme since it has been over 14 days with no response from the reporter. Please reopen the bug and request needinfo if you can still reproduce.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: