Closed Bug 1555067 Opened 2 years ago Closed 2 years ago

Remove disable-NSS_ALLOW_SSLKEYLOGFILE build override


(Firefox :: Security, task)

Not set



Firefox 69
Tracking Status
firefox68 + fixed
firefox69 --- fixed


(Reporter: jcj, Assigned: erahm)




(1 file)

In bug 1519209, mozbuild disabled NSS_ALLOW_SSLKEYLOGFILE for the NSS gyp files due to a shutdown crash. That was fixed in NSS 3.44 by Bug 1515236 (which, while still open, is for test issues unrelated to the crash). We should be able to remove the build override at this point - and may want to consider doing so for Beta, too.

Type: defect → task
Flags: needinfo?(erahm)

Any chance that this can be enabled for the next Release version (Firefox 68)? According to bug 1519209 the feature seems to affect Firefox 65, 66, 67 and ESR 60.4.1.

I can unfortunately not recommend users to use Firefox Nightly and would have to point them at Chrome until this bug is fixed.

affect Firefox 65, 66, 67 and ESR 60.4.1.

Clarification: it only affects official builds from Mozilla. For example, Firefox 67 and 67.0.1 on macOS is affected, but the feature still works with Firefox 67.0 on Arch Linux because the system NSS library is in use.

Peter, have you encountered problems using it in Firefox 68? It should be fixed in that version (in NSS 3.44).

Flags: needinfo?(peter)

Yes, I just reproduced the issue with 68.0b8 on macOS. strings on libnss3.dylib also did not reveal SSLKEYLOGFILE. This is expected since the current tip still disables the option for the Release or Beta channels:

Flags: needinfo?(peter)

[Tracking Requested - why for this release]:
As Peter says, this is a valuable webdev feature and debugging mechanism currently disabled in non-Nightly. We should seriously consider uplifting the fix to Beta.

NSS_ALLOW_SSLKEYLOGFILE no longer has issues upstream, we can allow it again.

Pushed by
Backed out changeset 0801165e3175. r=jcj
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 69

Could the fix also be applied to the 68 branch? Thanks!

Flags: needinfo?(erahm)

Hi, could this feature be uplifted for the 68 release? Apparently that is an ESR release, so to make life of a troubleshooter easier I would like to have it enabled in there. Otherwise we would have to recommend using Chrome as workaround if users do not have an appropriate version.

Flags: needinfo?(mt)
Flags: needinfo?(jjones)

Comment on attachment 9071963 [details]
Bug 1555067 - Backed out changeset 0801165e3175. r=jcj

Beta/Release Uplift Approval Request

  • User impact if declined: ESR users will be unable to debug SSL issues.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This is basically a build script change, as the functional updates went into 67 and have been thoroughly tested.
  • String changes made/needed: None
Flags: needinfo?(jjones)
Attachment #9071963 - Flags: approval-mozilla-beta?

Normally :erahm would make this call, but ISTM to be an easy uplift request.

Flags: needinfo?(mt)

Comment on attachment 9071963 [details]
Bug 1555067 - Backed out changeset 0801165e3175. r=jcj

approved for 68.0b14

Attachment #9071963 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.