Closed
Bug 1617956
Opened 5 years ago
Closed 3 years ago
libssl should be able to handle the client auth data hook returning SECWouldBlock
Categories
(NSS :: Libraries, enhancement, P1)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: keeler, Assigned: djackson)
References
Details
(Whiteboard: [nss-fx])
Attachments
(1 file, 1 obsolete file)
Currently libssl can't handle client auth data hooks (i.e. set by SSL_GetClientAuthDataHook) that are asynchronous. We need a way to make this possible in Firefox so that one connection waiting for a client certificate doesn't block the entire socket thread, and thus all other connections.
Comment 1•5 years ago
Marking this P3, but to help us avoid forgetting about this for 3.52 or 3.53 going to needinfo Kevin.
Flags: needinfo?(kjacobs.bugzilla)
Priority: -- → P3
Updated•5 years ago
Flags: needinfo?(bbeurdouche)
Updated•5 years ago
Assignee: nobody → bbeurdouche
Status: NEW → ASSIGNED
Flags: needinfo?(bbeurdouche)
Updated•4 years ago
Flags: needinfo?(kjacobs.bugzilla)
Updated•4 years ago
Whiteboard: [nss-fx]
Updated•4 years ago
Severity: normal → S3
Priority: P3 → P1
QA Contact: jc
Updated•4 years ago
Assignee: bbeurdouche → nobody
Status: ASSIGNED → NEW
Updated•3 years ago
Assignee: nobody → djackson
Comment 2•3 years ago
This is a request for feedback on the high level design. This patch:
- Allows client auth hooks to return WouldBlock, pauses the handshake and resumes when SSL_ClientAuthCallbackComplete is called.
- Overhauls the ClientAuth gtests to include asynchronous callbacks.
- Adds an asynchronous client auth hook to tstclnt.
There's still a couple of known issues I need to address:
- Additional docs
- Some additional test cases to confirm the handshake is correctly paused between callbacks.
- The async timer used only for running the gtests causes a segfault in NSPR on Windows builds only.
I need to spend some time setting up a Windows dev environment.
Specific questions:
@dana - Does this provide the right API for your needs?
@mt - Are the changes to the TLS state machine reasonable?
Updated•3 years ago
Attachment #9262846 -
Attachment description: Bug 1617956 - RFC - Add support for asynchronous client auth hooks. r=keeler,jschanck,mt → WIP: Bug 1617956 - Add support for asynchronous client auth hooks. r=keeler,jschanck,mt
Comment 3•3 years ago
Updated•3 years ago
Attachment #9275722 -
Attachment is obsolete: true
Updated•3 years ago
Attachment #9262846 -
Attachment description: WIP: Bug 1617956 - Add support for asynchronous client auth hooks. r=keeler,jschanck,mt → Bug 1617956 - Add support for asynchronous client auth hooks. r=keeler,jschanck,mt
Comment 4•3 years ago
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED