Closed Bug 1627654 Opened 5 years ago Closed 5 years ago

Padlock in URL bar is sometimes missing when a FPN session is active

Categories

(Core :: Networking, defect, P1)

Product:
Core
Component:
Networking
Version:
76 Branch
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla77
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox74 --- unaffected
firefox75 --- unaffected
firefox76 --- disabled
firefox77 --- verified

People

(Reporter: Fanolian+BMO, Assigned: kershaw)

References

(Regression)

Details

(Keywords: nightly-community, regression, reproducible, Whiteboard: [necko-triaged])

Attachments

(3 files)

FPN padlock missing.png
55.58 KB, image/png
Details
Bug 1627654 - Setup resumption callback when nsNSSSocketInfo is created
47 bytes, text/x-phabricator-request
Details | Review
padlock.png
87.58 KB, image/png
Details
Attached image FPN padlock missing.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
Build ID: 20200406092400

Steps to reproduce

The issue randomly appears when I am surfing the net and it can occur to any website. Here is a fairly reliable way to reproduce it for me:

  1. Open Nightly with a new profile.
  2. Install Firefox Private Network browser extension (FPN) v21.
  3. Log in to FPN. Activate a session.
  4. Visit https://www.google.com/ (or any webpage). Let it finish loading.
  5. Shift-left-click the reload icon on toolbar to reload the page.

Actual result

The padlock icon in the URL bar is replaced by ⓘ. Please refer to the attached screenshot.

Expected result

A padlock is shown.

Workaround

  1. Toggle network.ssl_tokens_cache_enabled to false and reload the page; OR
  2. Pause the FPN session and reload the page.

Notes

I have tried FPN v20 and v21. Both of them exhibit the same bug.

Flags: needinfo?(kershaw)
Assignee: nobody → kershaw
Flags: needinfo?(kershaw)
Priority: -- → P1
Whiteboard: [necko-triaged]

The problem here is that we only call SSL_SetResumptionTokenCallback when creating a new nsSocketTransport, but the same socket transport would be reused when connecting to https proxy. In this case, we only save the resumption token for the connection of secure proxy and the token for www.google.com is not saved. As a result, the session resumption is failed because the token is missing.
I think we should call SSL_SetResumptionTokenCallback when a new nsNSSSocketInfo is created.

Pushed by kjang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1461bdc19026 Setup resumption callback when nsNSSSocketInfo is created r=keeler

https://hg.mozilla.org/mozilla-central/rev/1461bdc19026

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
status-firefox77: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
Flags: qe-verify+

I have verified that this is no longer reproducible on Firefox Nighlty 78.0a1 (Build ID 20200510212656) using Windows 10 x64 and Mac OS 10.14.6 .
The padlock is shown and active. (checked multiple sites)
Attaching postfix screenshot.

Status: RESOLVED → VERIFIED
status-firefox77: fixedverified
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: