[meta] IPC PSM API for network process isolation

enhancement
P3
normal
ASSIGNED
8 months ago
3 months ago

People

(Reporter: mayhemer, Assigned: dragana)

Tracking

(Depends on 5 bugs, Blocks 1 bug, {meta})

Trunk

Firefox Tracking Flags

(firefox63 affected)

Details

(Whiteboard: [psm-assigned], URL)

Attachments

(1 obsolete attachment)

(Reporter)

Description

8 months ago
See the URL for details.

The idea is to forward the following callback processing asynchronously to a different process (triggered on the socket process with an empty NSS and processed on the parent process with a full NSS):

SSL_AuthCertificateHook 
Responsible for certificate (chain) verification
Can return would-block

SSL_HandshakeCallback
Called after the handshake is done, doesn’t return anything, only collects telemetry and updates some info on the socket

SSL_SetCanFalseStartCallback
No need to proxy this one

SSL_GetClientAuthDataHook (probably for a followup bug, we need to pass the handle serialization around and use a modified soft-token overlay to perform the ops with a sync IPC call)
Can return would-block
The private key is only a handle

SSL_SetPKCS11PinArg
This sets an argument (in PSM case IR hanging off the socket) that is passed to the auth function set globally with PK11_SetPasswordFunc
This is used in a sync manner
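
The would-block flow described above for SSL_AuthCertificateHook, as an added example that is not part of the original bug report and is not NSS or Firefox code: the socket-process hook forwards the chain and returns would-block, and only a matching reply from the parent can complete the handshake. All type and function names, the in-memory queue standing in for the IPC channel, and the simplified trust check are assumptions.

```cpp
// Added illustration: single-threaded model of proxying a would-block
// certificate hook. Every name below is a hypothetical stand-in.
#include <cstdint>
#include <deque>
#include <map>
#include <string>
#include <vector>

enum class HookResult { Success, Failure, WouldBlock };
enum class Handshake { Pending, Established, Aborted };
struct VerifyRequest { uint64_t id; std::string host; std::vector<std::string> chain; };
struct VerifyReply { uint64_t id; bool trusted; };

// Parent process: the only side holding trust anchors ("full NSS").
// The root comparison is a placeholder for real chain verification.
struct ParentProcess {
  std::string trustedRoot;  // constructed sample trust anchor
  VerifyReply Verify(const VerifyRequest& r) const {
    bool ok = !r.chain.empty() && r.chain.back() == trustedRoot;
    return {r.id, ok};
  }
};

// Socket process: no trust store ("empty NSS"); it forwards and waits.
struct SocketProcess {
  uint64_t nextId = 1;
  std::map<uint64_t, Handshake*> pending;  // request id -> waiting socket
  std::deque<VerifyRequest> outbox;        // stands in for the IPC channel

  // Plays the role of the auth-certificate hook: never decides locally.
  HookResult OnAuthCertificate(Handshake& hs, const std::string& host,
                               const std::vector<std::string>& chain) {
    uint64_t id = nextId++;
    pending[id] = &hs;
    outbox.push_back({id, host, chain});
    return HookResult::WouldBlock;
  }
  // Socket closed before the reply arrived: forget the request.
  void Cancel(uint64_t id) { pending.erase(id); }

  // Reply from the parent. Unknown, cancelled or repeated ids are dropped,
  // so a stale reply can never move a handshake to Established.
  bool OnReply(const VerifyReply& reply) {
    auto it = pending.find(reply.id);
    if (it == pending.end()) return false;
    *it->second = reply.trusted ? Handshake::Established : Handshake::Aborted;
    pending.erase(it);
    return true;
  }
};
```

A handshake stays Pending until the parent answers, so a lost or never-sent reply leaves the connection unauthenticated instead of accepted.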
(Reporter)

Updated

7 months ago
Status: NEW → ASSIGNED
(Reporter)

Comment 1

7 months ago
Posted patch wip1 (backup) (obsolete)
This builds on Win and on top of [1] and tries to see all certs as valid (quick workaround for SSL support). But I'm getting a number of weird assertions all around the code, probably related to response handling, which may be because of some violation of the stream listener contract.

kershaw sees some assertions as well, even w/o this patch.

[1] https://hg.mozilla.org/projects/larch/rev/94a22fd022b9e1d6b78a41081f302f5e8309a80a
QA Contact: dkeeler
Whiteboard: [psm-assigned]
(Reporter)

Updated

6 months ago
Priority: P2 → P3
(Reporter)

Updated

5 months ago
Depends on: 1503834
(Reporter)

Updated

5 months ago
Depends on: 1512470
(Reporter)

Updated

5 months ago
Depends on: 1512471
(Reporter)

Updated

5 months ago
Depends on: 1512475
(Reporter)

Updated

5 months ago
Depends on: 1512478
(Reporter)

Updated

5 months ago
Depends on: 1512479
(Reporter)

Updated

5 months ago
Summary: IPC PSM API for network process isolation → [meta] IPC PSM API for network process isolation
(Reporter)

Updated

5 months ago
Attachment #9014844 - Attachment is obsolete: true
(Reporter)

Updated

5 months ago
Depends on: 1512598
(Reporter)

Updated

3 months ago
Assignee: honzab.moz → dd.mozilla