Closed Bug 1663752 Opened 4 years ago Closed 4 years ago

upload asepkcs.dll module in ff 80.0.1

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
80 Branch
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: p060477, Unassigned)

Details

Attachments

(10 files, 1 obsolete file)

log_12.09.2020.txt
4.71 MB, text/plain
Details
log.txt
73.18 KB, text/plain
Details
log.txt
17.92 KB, text/plain
Details
log.txt
63.34 KB, text/plain
Details
log1.txt
158.21 KB, text/plain
Details
log_oscl_static.txt
4.60 MB, text/plain
Details
log_pipnss.txt
7.65 MB, text/plain
Details
example "manage personal certificates" dialog
121.91 KB, image/png
Details
Immagine.jpg
235.00 KB, image/jpeg
Details
Immagine_new.jpg
226.31 KB, image/jpeg
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

if i only do the -true- trick in about config but i do not load the asepkcs.dll the athena smart card do not work
if i try to load the asepkcs.dll without doing the about config trick the module fails to load
but if i do the about config -true- trick and i try to upload the asepkcs.dll module i again get the error BUT then i see the
module loaded in the :
Options > Privacy & Security > Certificates > Security Devices;
so it is -listed-
then i try to connect, it asks the pin, i put it and finally it works!

what you think about this experience of mine?

Actual results:

if i only do the -true- trick in about config but i do not load the asepkcs.dll the athena smart card do not work
if i try to load the asepkcs.dll without doing the about config trick the module fails to load
but if i do the about config -true- trick and i try to upload the asepkcs.dll module i again get the error BUT then i see the
module loaded in the :
Options > Privacy & Security > Certificates > Security Devices;
so it is -listed-
then i try to connect, it asks the pin, i put it and finally it works!

what you think about this experience of mine?

Expected results:

to upload the dll module easly as in nightly or Esr vers

In a new profile, can you set security.osclientcerts.autoload to true, don't load asepkcs.dll, then follow the instructions in bug 1629002 comment 16, and try to connect? Thanks!

Flags: needinfo?(p060477)

Hi Dana
first let me thank you for yr attention
here it is what you ask:
i copied incolled cause i do not know how to upload it...:

Flags: needinfo?(p060477)
Attached file log test (obsolete) —

..no way to paste copy...too long..anyway i now found how to upload it..
i named it . log test
hope it helps
thxs again Dana
cheers

That log indicates that Firefox is not looking for any client certificates. Did you try to connect to the site that requests a client certificate while gathering that log?

Flags: needinfo?(p060477)
Attached file log_12.09.2020.txt

hi Dana
this is a new log text , i made lots of try to enter the site that require autentication with no fortune..all i got is fails...
thxs again for yr kind attention
hope this helps
cheers

Attachment #9174885 - Attachment is obsolete: true
Flags: needinfo?(p060477)

the only thing that i've noticed , and for me is -worst-, that after having, in powershell, done this:
$env:RUST_LOG = 'osclientcerts_static'

i no more be able to enter these autenticated sites with other browsers..as for ex. chrome or IExplorer...
before that i really was able to..
so may be this has done some configuration to my pc..
if yes how to come back..??..cause i really would like to be able to use also other browsers as in the recent past to enter those site
that requests a client certificate
thxs so much indeed again
cheers

That log indicates your copy of Firefox is not behaving like a normal copy of Firefox. Do you have any other software installed that might be interfering with Firefox? Can you create a new profile, follow the steps in comment 1, and try to access a site that requires authentication once?

(In reply to Giusy from comment #7)

the only thing that i've noticed , and for me is -worst-, that after having, in powershell, done this:
$env:RUST_LOG = 'osclientcerts_static'

i no more be able to enter these autenticated sites with other browsers..as for ex. chrome or IExplorer...

Setting an environment variable in powershell isn't a permanent change, so that has nothing to do with authentication failing in other browsers.

Flags: needinfo?(p060477)

hi Dana
first let me thank you again

  1. the report i've attached is exactlely made following yr istructions in comment 1 , i create a new profile and i try to acces the site which requires authentication, i do not have any other sw that may interfeer, and the 2 repo i've done were both created with this new profile..
    so why in the 1st you only said that i've no entered a protected site,which was rightly true due to my fault..,but you have not mentioned anything
    about the matter - a normal copy of firefox-....?
    the 2nd repo is when i've tried to enter a protected site as you asked...but the matter you rise about-not a normal ff copy- for me is stranger...
    i've downloaded it from the official mozilla site years ago and upgraded up to the latest 80 vers...and with its -profiles maker- i've created a new
    clean profile as you asked...

2)"Setting an environment variable in powershell isn't a permanent change"...but has its results only on firefox or with all the browsers i'm using in my pc..?...and if its effects are not only on firefox how to turn back using powershell..??..which command may i have to start..?

thxs again from the deep of my heart Dana

Flags: needinfo?(p060477)

just to let you know that also with latest ff 81 the bug is still there...

I was misinterpreting your logs - that actually looks normal, other than it not working.
Can you follow those steps again, but instead of setting $env:RUST_LOG = 'osclientcerts_static', can you set $env:MOZ_LOG = 'pipnss:4'?

Flags: needinfo?(p060477)
Attached file log.txt
Flags: needinfo?(p060477)

hi Dana
just done
the bug is still there..without loading the dll there is no way to enter the site
and consider that with the new setting:
$env:MOZ_LOG = 'pipnss:4'

firefox is so much slower and it freezes a lot...

thxs for yr kind attention

hope this helps

Great - thanks. Can you do the same but with security.osclientcerts.autoload set to false and with asepkcs.dll loaded?

Flags: needinfo?(p060477)
Attached file log.txt
Flags: needinfo?(p060477)

hi Dana
as i was afraid setting the security.osclientcerts.autoload set to false
there is still no way to load the asepkcs.dll
here it is attached the log text...
hope it helps
cheers

Oh, right - I forgot. How about with both security.osclientcerts.autoload set to true and asepkcs.dll loaded?

Flags: needinfo?(p060477)

hi Dana,
as i've already wrote in the start of this my report bug:

"
if i only do the -true- trick in about config but i do not load the asepkcs.dll the athena smart card do not work
if i try to load the asepkcs.dll without doing the about config trick the module fails to load
but if i do the about config -true- trick and i try to upload the asepkcs.dll module i again get the error BUT then i see the
module loaded in the :
Options > Privacy & Security > Certificates > Security Devices;
so it is -listed-
then i try to connect, it asks the pin, i put it and finally it works!

what you think about this experience of mine?

Actual results:

if i only do the -true- trick in about config but i do not load the asepkcs.dll the athena smart card do not work
if i try to load the asepkcs.dll without doing the about config trick the module fails to load
but if i do the about config -true- trick and i try to upload the asepkcs.dll module i again get the error BUT then i see the
module loaded in the :
Options > Privacy & Security > Certificates > Security Devices;
so it is -listed-
then i try to connect, it asks the pin, i put it and finally it works!

what you think about this experience of mine?

Expected results:

to upload the dll module easly as in nightly or Esr vers"

i sum up the part you ask now :
"How about with both security.osclientcerts.autoload set to true and asepkcs.dll loaded?"..:

if i do the about config -true- trick and i try to upload the asepkcs.dll module i again get the error BUT then i see the
module loaded in the :
Options > Privacy & Security > Certificates > Security Devices;
so it is -listed-
then i try to connect, it asks the pin, i put it and finally it works

thxs for yr attention
cheers

Flags: needinfo?(p060477)

To clarify, I'm not suggesting that configuration as a way to fix your setup. I need the output from the logs generated when you do that to attempt to figure out what's wrong and fix it.

Flags: needinfo?(p060477)
Attached file log.txt
Flags: needinfo?(p060477)
Attached file log1.txt

hi Dana first let me thank you again for yr kind attention and patience too
i've just uploaded 2 log text:
log.txt done setting: $env:RUST_LOG = 'osclientcerts_static'
log1txt done setting: $env:MOZ_LOG = 'pipnss:4'

hope it helps

thxs again

cheers

obviously with in both text:
"with both security.osclientcerts.autoload set to true and asepkcs.dll loaded"
and in both cases i've been able to enter the protected site

hope it helps

thxs again

cheers

Thanks. Can you try this build with just osclientcerts enabled? https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/BGwoT1RNR_qTNXt9M8jckA/runs/0/artifacts/public/build/install/sea/target.installer.exe (both types of log would be helpful)

Flags: needinfo?(p060477)
Attached file log_oscl_static.txt
Flags: needinfo?(p060477)
Attached file log_pipnss.txt

Hi Dana
thxs so much indeed again for yr kind attention
just uploaded what you require
in both cases no able to entered the protected site
hope it helps
cheers

Thanks. If you use the Windows taskbar to search for "Manage user certificates" (or the localized equivalent) and click on the corresponding match, you should see a window that looks like this attachment. Is the certificate you're trying to use in the list you see?

Flags: needinfo?(p060477)
Attached image Immagine.jpg
Flags: needinfo?(p060477)

Hi Dana thxs so much again
this is what i have...and the site of Regione Toscana which is the one protected i try to access there isn't...

Attached image Immagine_new.jpg

hi Dana i make another try following an yr old post:
"security.osclientcerts.autoload set to false and with asepkcs.dll loaded?" comment 14
and with a new profile
i was able to load the asepkcs.dll and to enter the site protected of Regione Toscana with my log in password as i did before ff vers 75...
BUT i re-try yr comment 28:
"If you use the Windows taskbar to search for "Manage user certificates" (or the localized equivalent) and click on the corresponding match, you should see a window that looks like this attachment. Is the certificate you're trying to use in the list you see?"
and i got the -same- result i re-attached
immagine_new
and the certificate is still not there...but i'm now inside the protected site with my log in pw and able to see my private data as in the old past with the ff vers previos to the n.75...

hope it helps

cheers

(In reply to Giusy from comment #32)

i was able to load the asepkcs.dll and to enter the site protected of Regione Toscana with my log in password as i did before ff vers 75...

Ok - so Firefox now works for you if you load asepkcs.dll?

BUT i re-try yr comment 28:
"If you use the Windows taskbar to search for "Manage user certificates" (or the localized equivalent) and click on the corresponding match, you should see a window that looks like this attachment. Is the certificate you're trying to use in the list you see?"
and i got the -same- result i re-attached
immagine_new
and the certificate is still not there...but i'm now inside the protected site with my log in pw and able to see my private data as in the old past with the ff vers previos to the n.75...

It looks like Windows doesn't recognize your smart-card for some reason. Since osclientcerts uses the Windows APIs, it won't be able to use the certificate on your smart-card.

Flags: needinfo?(p060477)

Dana thxs again for yr kind helping:
to sum up:
there is no way to NOT use the asepkcs.dll and only set the osclientcert to true to enter the protected site
before my last trying the only way was:
set the osclientcert to true in order to be able to load the asepkcs.dll and the enter the site
now with my last trying we are gone back to situation previous FF 75:
to enter the protected site it's only needed the asepkcs.dll loaded leaving osclientcerts set to false as it is by default

have i summed it up quite clearly?

thxs so much for yr helping

now i rfeally hope that the situation as in the past after vers 75 won't change again with the next FF vers...
:( ;)

cheers

Flags: needinfo?(p060477)

Ok, sounds like this works for you, so I'll close this as "works for me".

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME

hi Dana
..here i am again..this is for me a real nightmare...
FF 82.0.2
NO way to load asepkcs.dll
also with the famous trick in about config for security.osclientcerts.autoload false->true
so to sum up now we are in the same situation post ff 75:
no way to load the dll with the false true trick
so NO way to enter the protected site....
we have gone back to the worst past...
apologize me
i rerally thxs you so really much from the very deep of my little heart
for yr kind and gentle helping and patience too
i'm really in your hands
cheers

maybe in the one month ago when i finish my report here with these:
"now i really hope that the situation as in the past after vers 75 won't change again with the next FF vers..."....
i was looking in the future..that has became this present...
so the bug is still in the same position as it was in the post ff75 vers

i re-pray you to have the great heart and patience to help me
thxs again
apologize me
Giusy

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: