Open
Bug 506965
Opened 15 years ago
Updated 1 year ago
NSS does not support CKR_FUNCTION_CANCELED from C_Login
Categories
(NSS :: Libraries, enhancement, P5)
NSS
Libraries
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: martin, Unassigned)
References
(Blocks 1 open bug)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; et-ee) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19
Build Identifier:
When using Firefox with a pinpad reader and user cancels the PIN entry with the red button, OpenSC PKCS#11 returns CKR_FUNCTION_CANCELED, as defined in PKCS#11 v2.11. NSS maps this to a generic failure and Firefox continues to ask for the PIN.
Reproducible: Always
Steps to Reproduce:
1. Use a pinpad reader with a PKCS#11 provider that supports it, like SCM SPR532 with OpenSC and Estonian eID
2. Go to a website requiring a client certificate from the token
3. When asked to enter the PIN on the pinpad, press cancel (TheRedButton)
Actual Results:
A new popup window appears asking me to enter the PIN on the pinpad again, repeated 3 times and ends with an error screen with ssl_error_handshake_failure_alert
Expected Results:
After pressing cancel, an information window with "operation cancelled by user" message should appear. If the client certificate was optional, firefox should continue. If it was required, an information screen with "Can not continue without a client certificate" should be displayed.
Comment 1•15 years ago
|
||
Why do you think this is a bug?
I think you are asking for the product to work differently than it was
designed to work.
Severity: normal → enhancement
Reporter | ||
Comment 2•15 years ago
|
||
PKCS#11 spec: CKR_FUNCTION_CANCELED: ..... It also happens
to a function that performs PIN entry through a protected path. The method used to cancel
a protected path PIN entry operation is device dependent.
Firefox/NSS apparently supports pinpad authentication as simple verification in simple cases works and Firefox knows how to display an information window "Please enter PIN on pinpad". So I assume the product is designed to work with pinpads.
In fact, not only C_Login can return this return code but any operation with PKCS#11 that might require authenticatin (like C_Sign). The way NSS translates it to SEC_ERROR_LIBRARY_FAILURE sure seems a bug to me.
Blocks: 506974
Updated•2 years ago
|
Severity: normal → S3
Updated•1 year ago
|
Severity: S3 → N/A
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•