Closed Bug 1562773 Opened 3 months ago Closed 4 days ago

Add a Pref to Enable Delegated Credentials in NSS

Categories

(Core :: Security: PSM, enhancement, P2)

enhancement

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: jcj, Assigned: kjacobs)

References

(Depends on 1 open bug, Blocks 4 open bugs)

Details

(Whiteboard: [psm-backlog])

Attachments

(3 files)

When certificate verification logic can handle Delegated Credentials and error cases are updated if or as necessary, we should enable support for Delegated Credentials.

Potentially this might be begin as an origin trial of some sort.

Priority: -- → P2
Whiteboard: [psm-backlog]
Summary: Enable Delegated Credentials in NSS → Add a Pref to Enable Delegated Credentials in NSS

This patch adds a new pref, "security.tls.enable_delegated_credentials",
default false, which controls the NSS option SSL_ENABLE_DELEGATED_CREDENTIALS.

This patch does not add a test (yet). WIP.

Keywords: leave-open
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b61d69854431
Add a preference to enable Delegated Credentials in NSS r=keeler
Depends on: 1569221
Blocks: 1569222
Depends on: 1569223
Attachment #9077768 - Attachment description: Bug 1562773 - WIP - Add delegated credentials test → Bug 1562773 - [WIP] Add delegated credentials test r?keeler
Blocks: 1574029
Assignee: nobody → kjacobs.bugzilla
Status: NEW → ASSIGNED

Kevin - Please take over D39807 and D37918. The test still fails, probably due to a serialization issue (see Dana's comments in the patch), but the trivial fixes aren't themselves fixing it, either.

I'd recommend starting with a Wireshark session of the xpcshell test run, confirm that the data on the wire looks like DC is in use when it's suppose to be, and then debug the serialization routines.

Attachment #9081492 - Attachment description: Bug 1562773 - [WIP] Propagate Delegated Credential flag to nsITransportSecurityInfo r?keeler → Bug 1562773 - Propagate Delegated Credential flag to nsITransportSecurityInfo r?keeler
Attachment #9077768 - Attachment description: Bug 1562773 - [WIP] Add delegated credentials test r?keeler → Bug 1562773 - Add delegated credentials tests r?keeler
Blocks: 1580053

Pushed by rmaries@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f32f7a644981
Propagate Delegated Credential flag to nsITransportSecurityInfo r=keeler
https://hg.mozilla.org/integration/autoland/rev/154b23d4a214
Add delegated credentials tests r=keeler,jcj

Keywords: checkin-needed

Apparently there's a mirror class (netwerk/base/FuzzySecurityInfo.cpp) that's only compiled in fuzzing builds...

Will re-flag once the new try run succeeds. Sorry about that.

Flags: needinfo?(kjacobs.bugzilla)
Keywords: checkin-needed

Pushed by nbeleuzu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8dcf26ff6310
Propagate Delegated Credential flag to nsITransportSecurityInfo r=keeler,jcj

Keywords: checkin-needed
Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 11 days ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

Looks like the last check-in didn't take the remaining test patch.

Can we get D37918 Bug 1562773 - Add delegated credentials tests r?keeler landed please? Thanks.

Status: RESOLVED → REOPENED
Keywords: checkin-needed
Resolution: FIXED → ---

Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f3cf877afac2
Add delegated credentials tests r=keeler,jcj

Keywords: checkin-needed
Status: REOPENED → RESOLVED
Closed: 11 days ago4 days ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.