User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:18.104.22.168) Gecko/20071127 Firefox/22.214.171.124 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:126.96.36.199) Gecko/20071127 Firefox/188.8.131.52 I have installed an eToken with certificate on it. Whenever I am visiting an https site for the first time after a browser restart, firefox asks me for the token password. Firefox should only asks to access that certificate if it needs it to comply with a website request of clientverify. Reproducible: Always Steps to Reproduce: 1.Install a secure token in Firefox 2.Put a certificate on that token 3.Visit a standard https website Actual Results: Firefox will ask and keep asking for the password of the device Expected Results: Firefox should leave the token alone if the website didn't set SSL client auth as optional or required. I have a feeling that FireFox cannot know what certificates are on the token before accessing it because it doesn't use a user certificate store like microsoft. It would be acceptable to have firefox query the token when a website requires authentication and then find out that no certificate match the CA. Firefox should not query the tokens when no SSL auth are asked.
Assignee: nobody → kengert
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
I remember having seen such a report in the past. I know that something was done about that in NSS which fixed it for most tokens. But if I remember correctly, there are tokens with a broken behavior. I think NSS is trying to iterate through all available certificates, and some tokens require authentication before that works. Bob?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Dug in the source code and that's exactly it. NSS iterates all the DEVICES and tries to get a certificate list for each of them. Some PKCS #11 modules will ask for PIN before giving that. Any change that we can just skip the interation all together if the remote website doesn't ask for 2 way SSL auth?
reassign bug owner. mass-update-kaie-20120918
Assignee: kaie → nobody
Is this still an issue?
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.