Remove disable-NSS_ALLOW_SSLKEYLOGFILE build override
Categories
(Firefox :: Security, task)
Tracking
()
People
(Reporter: jcj, Assigned: erahm)
References
Details
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
In bug 1519209, mozbuild disabled NSS_ALLOW_SSLKEYLOGFILE for the NSS gyp files due to a shutdown crash. That was fixed in NSS 3.44 by Bug 1515236 (which, while still open, is for test issues unrelated to the crash). We should be able to remove the build override at this point - and may want to consider doing so for Beta, too.
|
||
Updated•5 years ago
|
|
Assignee | |
Updated•5 years ago
|
Any chance that this can be enabled for the next Release version (Firefox 68)? According to bug 1519209 the feature seems to affect Firefox 65, 66, 67 and ESR 60.4.1.
I can unfortunately not recommend users to use Firefox Nightly and would have to point them at Chrome until this bug is fixed.
affect Firefox 65, 66, 67 and ESR 60.4.1.
Clarification: it only affects official builds from Mozilla. For example, Firefox 67 and 67.0.1 on macOS is affected, but the feature still works with Firefox 67.0 on Arch Linux because the system NSS library is in use.
|
Reporter | |
Comment 3•5 years ago
|
||
Peter, have you encountered problems using it in Firefox 68? It should be fixed in that version (in NSS 3.44).
Yes, I just reproduced the issue with 68.0b8 on macOS. strings on libnss3.dylib also did not reveal SSLKEYLOGFILE. This is expected since the current tip still disables the option for the Release or Beta channels:
https://searchfox.org/mozilla-central/rev/0da35261b6789eec65476dbdd4913df6e235af6d/python/mozbuild/mozbuild/frontend/gyp_reader.py#259
|
|
Reporter | |
Comment 5•5 years ago
|
||
[Tracking Requested - why for this release]:
As Peter says, this is a valuable webdev feature and debugging mechanism currently disabled in non-Nightly. We should seriously consider uplifting the fix to Beta.
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 6•5 years ago
|
||
NSS_ALLOW_SSLKEYLOGFILE no longer has issues upstream, we can allow it again.
Pushed by erahm@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7efae4f444f1 Backed out changeset 0801165e3175. r=jcj
|
||
Comment 8•5 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Updated•5 years ago
|
|
||
Comment 10•5 years ago
|
||
Hi, could this feature be uplifted for the 68 release? Apparently that is an ESR release, so to make life of a troubleshooter easier I would like to have it enabled in there. Otherwise we would have to recommend using Chrome as workaround if users do not have an appropriate version.
|
|
Reporter | |
Comment 11•5 years ago
|
||
Comment on attachment 9071963 [details]
Bug 1555067 - Backed out changeset 0801165e3175. r=jcj
Beta/Release Uplift Approval Request
- User impact if declined: ESR users will be unable to debug SSL issues.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This is basically a build script change, as the functional updates went into 67 and have been thoroughly tested.
- String changes made/needed: None
|
|
Reporter | |
Comment 12•5 years ago
|
||
Normally :erahm would make this call, but ISTM to be an easy uplift request.
|
|
||
Comment 13•5 years ago
|
||
Comment on attachment 9071963 [details]
Bug 1555067 - Backed out changeset 0801165e3175. r=jcj
approved for 68.0b14
|
||
Comment 14•5 years ago
|
||
| bugherder uplift | ||
Description
•