Closed Bug 1546816 Opened 5 years ago Closed 5 years ago

Changes needed to make proxy certificate validation from Socket Process/Socket Thread to Parent Process easier

Categories

(Core :: Security: PSM, enhancement, P2)

Product:
Core
Component:
Security: PSM
Version:
68 Branch
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox68 --- affected

People

(Reporter: dragana, Assigned: kershaw)

References

Details

(Whiteboard: [necko-triaged])

Attachments

(6 files, 3 obsolete files)

Bug 1546816 - Part 1-1: Remove MITM_OK flag and bypassAuthentication
47 bytes, text/x-phabricator-request
Details | Review
Bug 1546816 - Part 1-2: Simplify collecting telemetry
47 bytes, text/x-phabricator-request
Details | Review
Bug 1546816 - Part 1-3: Always do certificate verification on a background thread
47 bytes, text/x-phabricator-request
Details | Review
Bug 1546816 - Part 1-4: Remove mTelemetryID and mTelemetryValue from SSLServerCertVerificationResult
47 bytes, text/x-phabricator-request
Details | Review
Bug 1546816 - Part 1-5: Add AuthCertificateSetResults helper function
47 bytes, text/x-phabricator-request
Details | Review
Bug 1546816 - Part 1-6: Add a helper function: AuthCertificateParseResults
47 bytes, text/x-phabricator-request
Details | Review
No description provided.
Blocks: 1512471
Type: defect → enhancement
Keywords: checkin-needed

Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dbb07b64cdf9
Part 1: Changes needed for performing cert verification on the parent proces while networking access is on the socket process. r=keeler

Keywords: checkin-needed
Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4d299dcdcaaa
Part 2: Change nsNSSCallback to prepare for moving cert verifications to the parent process if the socket process performs network access. r=keeler

There are some r+ patches which didn't land and no activity in this bug for 2 weeks.
:dragana, could you have a look please?
For more information, please visit auto_nag documentation.

Flags: needinfo?(dd.mozilla)

Still this from Dragana.
I'll try to finish this bug.

Assignee: dd.mozilla → kershaw
Flags: needinfo?(dd.mozilla)
Depends on: 1577428
Attachment #9088776 - Attachment is obsolete: true
Attachment #9060555 - Attachment is obsolete: true
Keywords: leave-open
Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/81feab3f92a5
Part 1-1: Remove MITM_OK flag and bypassAuthentication r=keeler
https://hg.mozilla.org/integration/autoland/rev/a89d6ea194c1
Part 1-2: Simplify collecting telemetry r=keeler
https://hg.mozilla.org/integration/autoland/rev/f3cc7d17a1f4
Part 1-3: Always do certificate verification on a background thread r=keeler
Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5b303cb0a0a3
Part 1-4: Remove  mTelemetryID and mTelemetryValue from SSLServerCertVerificationResult r=keeler
Regressions: 1580136
Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/890b10f39b9c
Part 1-5: Add AuthCertificateSetResults helper function r=keeler
Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c4ba0117c23d
Part 1-6: Add a helper function: AuthCertificateParseResults r=keeler

Comment on attachment 9060556 [details]
Part 2: Change nsNSSCallback to prepare for moving cert verifications to the parent process if the socket process performs network access. r=keeler

We don't need this patch.

Attachment #9060556 - Attachment is obsolete: true

We can close this bug now.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Keywords: leave-open
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: