http2 reject client cert post handshake

RESOLVED FIXED in Firefox 60

Status

()

enhancement
P1
normal
RESOLVED FIXED
Last year
Last year

People

(Reporter: mcmanus, Assigned: mcmanus)

Tracking

unspecified
mozilla60
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox60 fixed)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 attachment)

7540 bans client certs after sending the h2 preamble by placing a requirement on the server to reject them if they arrive.

Technically there is nothing for us to do but we've got another patch that strongly assumes this property holds, so we should take a patch like the one I'm proposing that will refuse to send a client cert after that time.
Blocks: 1363284
Attachment #8951862 - Flags: review?(dkeeler)
Attachment #8951862 - Flags: review?(daniel)
Comment on attachment 8951862 [details]
Bug 1439105 - Ban H2 Client Certs Post Handshake

https://reviewboard.mozilla.org/r/221154/#review227066

::: netwerk/protocol/http/nsHttpConnection.cpp:284
(Diff revision 1)
>  
>      MOZ_ASSERT(!mSpdySession || mDid0RTTSpdy);
>  
>      mUsingSpdyVersion = spdyVersion;
>      mEverUsedSpdy = true;
> +    if (sslControl) {

maybe an assert on 'sslControl' here because it shouldn't ever be null here, should it?
Attachment #8951862 - Flags: review?(daniel) → review+
Assignee: nobody → mcmanus
Priority: -- → P1
Whiteboard: [necko-triaged]
Comment on attachment 8951862 [details]
Bug 1439105 - Ban H2 Client Certs Post Handshake

https://reviewboard.mozilla.org/r/221154/#review227596

PSM changes look good to me. Might be nice to have a test :)
Attachment #8951862 - Flags: review?(dkeeler) → review+
Pushed by mcmanus@ducksong.com:
https://hg.mozilla.org/integration/autoland/rev/c9fd03a815bc
Ban H2 Client Certs Post Handshake r=bagder,keeler
https://hg.mozilla.org/mozilla-central/rev/c9fd03a815bc
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
You need to log in before you can comment on or make changes to this bug.