enable osclientcerts by default in nightly
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox80 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-assigned])
Attachments
(3 files)
To move forward with shipping osclientcerts, the next step is to enable it by default in Nightly.
|
Assignee | |
Comment 1•5 years ago
|
||
|
|
Assignee | |
Comment 2•5 years ago
|
||
Depends on D81888
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 3•5 years ago
|
||
Depends on D81888
|
|
||
Updated•5 years ago
|
|
|
||
Comment 5•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/4588a1cd8376
https://hg.mozilla.org/mozilla-central/rev/00a3a5840b5c
https://hg.mozilla.org/mozilla-central/rev/1f8f22ec6792
|
|
Assignee | |
Comment 6•5 years ago
|
||
Comment on attachment 9160722 [details]
Bug 1649518 - 1/3: revert a34e77d6c3bf in preparation of enabling osclientcerts by default r?mixedpuppy
Beta/Release Uplift Approval Request
- User impact if declined: This reverts bug 1637807, which added a new webextension api that we decided wasn't necessary. We should remove it before it ships.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This should be a straightforward, complete backout of a new feature. As far as I know no work has landed on top of this since it landed.
- String changes made/needed: none
|
||
Comment 7•5 years ago
|
||
Comment on attachment 9160722 [details]
Bug 1649518 - 1/3: revert a34e77d6c3bf in preparation of enabling osclientcerts by default r?mixedpuppy
Removes an unnecessary extension API before it ships. Approved for 79.0b5.
|
|
||
Comment 8•5 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 9•5 years ago
|
||
Comment on attachment 9160722 [details]
Bug 1649518 - 1/3: revert a34e77d6c3bf in preparation of enabling osclientcerts by default r?mixedpuppy
Removing the approval on this to get this off the needs-uplift radar since status-firefox79:fixed doesn't probably make much sense here in light of what was actually uplifted from the bug.
|
|
||
Updated•5 years ago
|
|
||
Comment 10•4 years ago
|
||
Hi,
We are the editor of French CPS smartcard and its associated pkcs#11 and CSP components
I'm performing tests around the 'security.osclientcerts.autoload' setting.
I realize that this setting move to 'true' when updating from FF 85 beta to the current beta
( 86 beta 3 to the date of 30/01/2021).
At usage this results in the PIN code being requested multiple times when browsing to a secured site
that wants client certificate of the smartcard.
This side effect will be clearly not an option for our end users.
I have three questions:
- do you intend to land this behavior the next Firefox release to all platforms (windows, mac, linux)?
- which element control this setting (Windows registry key, mozilla policy, prefs.js)?
- could you please revert it to the 'false' default value as it is in FF 85 release?
Thanks for your pointers.
|
|
Assignee | |
Comment 11•4 years ago
|
||
Please file a new bug with as much detail about your setup as possible, perhaps with screenshots: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM
(In reply to BPER_ILEX from comment #10)
- do you intend to land this behavior the next Firefox release to all platforms (windows, mac, linux)?
This feature is not yet scheduled to be enabled in release. It only applies to Windows and macOS.
- which element control this setting (Windows registry key, mozilla policy, prefs.js)?
I don't understand this question. The feature can be enabled by the preference you already know about.
- could you please revert it to the 'false' default value as it is in FF 85 release?
This feature is not yet scheduled to be enabled in release.
Description
•