Closed Bug 1439105 Opened 4 years ago Closed 4 years ago

http2 reject client cert post handshake

Categories

(Core :: Networking: HTTP, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
mozilla60
Tracking Status
firefox60 --- fixed

People

(Reporter: mcmanus, Assigned: mcmanus)

References

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

7540 bans client certs after sending the h2 preamble by placing a requirement on the server to reject them if they arrive.

Technically there is nothing for us to do but we've got another patch that strongly assumes this property holds, so we should take a patch like the one I'm proposing that will refuse to send a client cert after that time.
Blocks: 1363284
Attachment #8951862 - Flags: review?(dkeeler)
Attachment #8951862 - Flags: review?(daniel)
Comment on attachment 8951862 [details]
Bug 1439105 - Ban H2 Client Certs Post Handshake

https://reviewboard.mozilla.org/r/221154/#review227066

::: netwerk/protocol/http/nsHttpConnection.cpp:284
(Diff revision 1)
>  
>      MOZ_ASSERT(!mSpdySession || mDid0RTTSpdy);
>  
>      mUsingSpdyVersion = spdyVersion;
>      mEverUsedSpdy = true;
> +    if (sslControl) {

maybe an assert on 'sslControl' here because it shouldn't ever be null here, should it?
Attachment #8951862 - Flags: review?(daniel) → review+
Assignee: nobody → mcmanus
Priority: -- → P1
Whiteboard: [necko-triaged]
Comment on attachment 8951862 [details]
Bug 1439105 - Ban H2 Client Certs Post Handshake

https://reviewboard.mozilla.org/r/221154/#review227596

PSM changes look good to me. Might be nice to have a test :)
Attachment #8951862 - Flags: review?(dkeeler) → review+
Pushed by mcmanus@ducksong.com:
https://hg.mozilla.org/integration/autoland/rev/c9fd03a815bc
Ban H2 Client Certs Post Handshake r=bagder,keeler
https://hg.mozilla.org/mozilla-central/rev/c9fd03a815bc
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
You need to log in before you can comment on or make changes to this bug.