Firefox still asks for the smarcard password after the card has been removed
Categories
(Core :: Security: PSM, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox77 | --- | fixed |
People
(Reporter: bigon, Assigned: keeler)
Details
(Whiteboard: [psm-assigned][psm-smartcard])
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
Steps to reproduce:
- On linux load opensc-onpin module in firefox
- Go to a website that uses the client certificate present on the smarcard
- FF opens a dialog to ask about the password of the key
- Remove the smartcard
- Browse to an other website that also use a (different) client certificate
Actual results:
Firefox still asks for a password for the smartcard that has been removed
Expected results:
Firefox sees that the smartcard is not present anymore and don't ask for any pin
Reporter | ||
Comment 1•4 years ago
|
||
The Opensc module entry in security device panel in the preferences properly shows whether there is a smartcard present or not
FTR, it's opensc 0.20.0
Comment 2•4 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Assignee | ||
Updated•4 years ago
|
Assignee | ||
Comment 3•4 years ago
|
||
Does this build fix the issue for you? https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/WzmbGiRtT1-UT3dCyjc-Tg/runs/0/artifacts/public/build/target.tar.bz2
Comment 4•4 years ago
|
||
Resetting severity to default of --
.
Reporter | ||
Comment 5•4 years ago
|
||
75 is still affected but it looks like that the build above is OK
Assignee | ||
Updated•4 years ago
|
Assignee | ||
Comment 6•4 years ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/13ce97c56e6e don't attempt to authenticate to tokens that aren't present r=bbeurdouche
Reporter | ||
Comment 8•4 years ago
|
||
Little question here, the certificate of the smartcard is not listed in the list of acceptable client certificate on the other website I'm going. Is that expected that it's even trying to get the key from the smartcard?
FTR, the other website I'm browsing to in step 4) is https://tracker.debian.org, openssl only shows one "Acceptable client certificate CA names":
CN = SSO CA 2015-08-21, O = Debian SSO client certificate
Reporter | ||
Comment 9•4 years ago
|
||
To be complete, I do have a certificate that matches that CA on my machine, just not on the smartcard
Comment 10•4 years ago
|
||
bugherder |
Assignee | ||
Comment 11•4 years ago
|
||
(In reply to Laurent Bigonville from comment #8)
Little question here, the certificate of the smartcard is not listed in the list of acceptable client certificate on the other website I'm going. Is that expected that it's even trying to get the key from the smartcard?
FTR, the other website I'm browsing to in step 4) is https://tracker.debian.org, openssl only shows one "Acceptable client certificate CA names":
CN = SSO CA 2015-08-21, O = Debian SSO client certificate
If I understand your question, yes, that is the expected behavior at the moment.
Updated•4 years ago
|
Comment 12•4 years ago
|
||
Laurent, would you be comfortable to verify that this is no longer an issue for you on latest Firefox Beta build? Download link: Here
Reporter | ||
Comment 13•4 years ago
|
||
Firefox 77 final seems to fix my issue, thanks
Description
•