Closed Bug 1629059 Opened 4 years ago Closed 4 years ago

Firefox still asks for the smartcard password after the card has been removed

Categories

(Core :: Security: PSM, defect, P1)

74 Branch
defect

Tracking

RESOLVED FIXED
mozilla77
Tracking Status
firefox77 --- fixed

People

(Reporter: bigon, Assigned: keeler)

Details

(Whiteboard: [psm-assigned][psm-smartcard])

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0

Steps to reproduce:

  1. On Linux, load the opensc-onpin module in Firefox
  2. Go to a website that uses the client certificate present on the smartcard
  3. FF opens a dialog to ask about the password of the key
  4. Remove the smartcard
  5. Browse to another website that also uses a (different) client certificate

Actual results:

Firefox still asks for a password for the smartcard that has been removed

Expected results:

Firefox sees that the smartcard is not present anymore and doesn't ask for any PIN

The Opensc module entry in security device panel in the preferences properly shows whether there is a smartcard present or not

FTR, it's opensc 0.20.0

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Security: PSM
Product: Firefox → Core
Priority: -- → P3
Whiteboard: [psm-backlog][psm-smartcard]

Resetting severity to default of --.

75 is still affected, but it looks like the build above is OK

Flags: needinfo?(bigon)
Assignee: nobody → dkeeler
Priority: P3 → P1
Whiteboard: [psm-backlog][psm-smartcard] → [psm-assigned][psm-smartcard]
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/13ce97c56e6e
don't attempt to authenticate to tokens that aren't present r=bbeurdouche

Little question here: the certificate of the smartcard is not listed in the list of acceptable client certificates on the other website I'm going to. Is it expected that it's even trying to get the key from the smartcard?

FTR, the other website I'm browsing to in step 4) is https://tracker.debian.org, openssl only shows one "Acceptable client certificate CA names":
CN = SSO CA 2015-08-21, O = Debian SSO client certificate

To be complete, I do have a certificate that matches that CA on my machine, just not on the smartcard

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla77

(In reply to Laurent Bigonville from comment #8)

> Little question here: the certificate of the smartcard is not listed in the list of acceptable client certificates on the other website I'm going to. Is it expected that it's even trying to get the key from the smartcard?
>
> FTR, the other website I'm browsing to in step 4) is https://tracker.debian.org, openssl only shows one "Acceptable client certificate CA names":
> CN = SSO CA 2015-08-21, O = Debian SSO client certificate

If I understand your question, yes, that is the expected behavior at the moment.

Flags: qe-verify+

Laurent, would you be comfortable verifying that this is no longer an issue for you on the latest Firefox Beta build? Download link: Here

Flags: qe-verify+ → needinfo?(bigon)

Firefox 77 final seems to fix my issue, thanks

Flags: needinfo?(bigon)