Stan: NES/SSL should remember that client refused to authenticate

Status

Product: NSS
Component: Libraries
Priority: P3
Severity: enhancement
Status: ASSIGNED
Opened: 17 years ago
Updated: 8 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assignee: Unassigned)

Details

This was originally bugsplat bug 326792

If you have an SSL server configured with access control that 
requests, but does not require, client authentication, and the 
client actually does authenticate, then the client's cert is kept
in the cache of client certs used by the server, and the user
is not requested to re-authenticate with each new connection.

But if the user does NOT authenticate, then the user will be asked
to authenticate again with each new request to the server.

We need a way to discern between 
"We haven't asked the user to authenticate before" and
"We asked the client to authenticate, and it refused." 
and make this info available to the app that's using the ssl lib.
The app should make the do/don't decisions based on that info
because it's policy info.

------- Additional Comments From robm  10/01/98 15:08 ------- 

This sounds like a good enhancement to me. When you get to it, let 
me know which NSS calls are affected, and I'll see about using them.
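
The distinction requested above, sketched as an added example (not NSS code and not part of this bug): a server-side cache that records three states per client and leaves the ask-again decision to the application. All type and function names are hypothetical, and the client identifier is a stand-in for whatever key the real cache uses.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model; none of these names are NSS APIs. */
typedef enum { CA_NOT_ASKED, CA_REFUSED, CA_AUTHENTICATED } ClientAuthState;
typedef enum { ASK_EVERY_TIME, ASK_UNTIL_ANSWERED } AppPolicy;

#define CACHE_SLOTS 8
typedef struct { char id[32]; ClientAuthState state; int in_use; } CacheEntry;
static CacheEntry cache[CACHE_SLOTS];  /* zero-initialised: all slots free */

/* Library side: what does the cache know about this client? */
ClientAuthState lookup_state(const char *id) {
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].in_use && strcmp(cache[i].id, id) == 0)
            return cache[i].state;
    return CA_NOT_ASKED;  /* no entry: the client was never asked */
}

/* Library side: record the result of a certificate request. */
int record_outcome(const char *id, int cert_presented) {
    int slot = -1;
    if (strlen(id) >= sizeof cache[0].id) return -1;  /* id would not fit */
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (cache[i].in_use && strcmp(cache[i].id, id) == 0) { slot = i; break; }
        if (!cache[i].in_use && slot < 0) slot = i;   /* remember first free slot */
    }
    if (slot < 0) return -1;  /* cache full; client stays CA_NOT_ASKED */
    strcpy(cache[slot].id, id);
    cache[slot].state = cert_presented ? CA_AUTHENTICATED : CA_REFUSED;
    cache[slot].in_use = 1;
    return 0;
}

/* Application side: the policy decision, made from the exposed state. */
int should_request_cert(const char *id, AppPolicy policy) {
    switch (lookup_state(id)) {
    case CA_AUTHENTICATED: return 0;  /* cached cert is reused */
    case CA_REFUSED:       return policy == ASK_EVERY_TIME;
    default:               return 1;  /* never asked: ask once */
    }
}

int main(void) {
    record_outcome("client-a", 0);  /* constructed input: client declined */
    printf("every time: %d\n", should_request_cert("client-a", ASK_EVERY_TIME));
    printf("until answered: %d\n", should_request_cert("client-a", ASK_UNTIL_ANSWERED));
    return 0;
}
```
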
(Reporter)

Comment 1

17 years ago
Reassigning to myself
Assignee: wtc → nelsonb
(Reporter)

Updated

17 years ago
Status: NEW → ASSIGNED
(Reporter)

Comment 2

17 years ago
Change target fix version for all "stan" RFEs to "Future".
Target Milestone: --- → Future

Comment 3

13 years ago
Hey Nelson, need any help with this one?
(Reporter)

Comment 4

13 years ago
Thomas, You're welcome to try to help with this.  
Before you do too much with it, first read bug 135261 to see how the 
problem has changed since this bug was filed.  
Then I suggest you propose a solution here (before doing much coding),
and if the design idea seems good, then proceed with a code contribution.  
An enhancement in this area might be taken in NSS 3.11 or 3.12.  
(Reporter)

Comment 5

12 years ago
I think this was implemented, and is enabled by the choice of a particular
setting for the "required" flag.  I need to double-check.  
Target Milestone: Future → ---
(Reporter)

Updated

12 years ago
QA Contact: wtchang → libraries
(Reporter)

Updated

8 years ago
Assignee: nelson → nobody